IT AUDIT VETERAN OFFERS PEER-REVIEWED SOFTWARE SECURITY ASSURANCE FRAMEWORK

Hundreds of Industry Professionals Offer Input and Feedback on Audit Guidance Sponsored by Ounce Labs

Longwood, FL and Waltham, MA—Sept. 19, 2005 – CHL Global Associates, experts in IT audit and risk management, and Ounce Labs, the leader in software security assurance, today announced the public release of Software Security Assurance - A Framework for Software Vulnerability Management and Audit. Mapped to relevant industry regulations and standards, including Sarbanes-Oxley, ISO 17799, COBIT, and COSO* controls, the Framework offers chief risk and compliance officers, audit teams, and security professionals guidance on effective software risk management controls. In the wake of increasingly frequent targeted attacks and large-scale identity thefts, the document fills gaps in enterprise audit programs and practices, which generally do not account for measuring and addressing software risk.

Charles Le Grand, primary author of the Framework, has been a professional auditor for over 30 years and is the CEO and founder of CHL Global Associates. He previously directed The Institute of Internal Auditors Research Foundation, served as IIA’s CIO, and served in advisory roles for organizations such as the board of the Partnership for Critical Infrastructure Security, the U.S. President’s National Infrastructure Advisory Council, and the American Bar Association’s Information Security Committee.

“The industry largely understands the responsibilities and procedures of IT Audit at the network level, but there is still a lot of uncertainty about what reasonable controls should be in place to assure software security,” said Le Grand. “In some cases, not properly auditing for specific security mechanisms and policies may constitute negligence, so we created this framework as a step-by-step guide that organizations can use to effectively audit their software risk management programs.”

The peer-reviewed Framework offers detailed audit checklists and defines the software security roles for all levels of management and technical responsibility across the enterprise. Research and development of the document was sponsored by Ounce Labs, which offers Software Security Assurance products for commercial and federal markets. By analyzing applications at the source-code level, Ounce Labs’ products provide accurate, automated software security assessments with metrics, trend reporting, and the documentation of controls needed to audit software systems thoroughly.

In Forrester Research’s July 12th report, Seven Habits of Highly Effective Compliance Programs, analyst Michael Rasmussen explains the benefit of such automated tools stating, “Firms should regularly monitor and audit controls through a manual or automated process that validates that the control is in place and operating effectively.” The report goes on to say, “In ongoing control management, specifically on IT systems, many organizations are looking toward automated control monitoring and enforcement to ease the burden of control validation.”

“Our products allow an effective process for conducting software audits and informed decision making to mitigate enterprise risk,” said Jack Danahy, CEO of Ounce Labs. “Expanding regulations, targeted attacks, and media headlines over the past several months continue to demonstrate the need for better software security assurance and audit, and the tremendous work done by Charlie and his colleagues helps companies understand exactly what that entails.”

Software Security Assurance - A Framework for Software Vulnerability Management and Audit is available for free online at: www.ouncelabs.com/audit.

*Control Objectives for Information and related Technology (COBIT) and Committee of Sponsoring Organizations (COSO)

CHL Global Associates
CHL Global Associates provides information security and reliability services in association with the best available technology management, security, control, risk management, auditing, assurance, and governance advisers and experts. With over 30 years of experience, CEO and founder Charles Le Grand, CISA, CIA, has produced board-level guidance on information security for the U.S. Critical Infrastructure Assurance Office (CIAO, now part of the Department of Homeland Security), and directed the work of The Institute of Internal Auditors Research Foundation that produced the landmark Systems Auditability and Control (SAC) reports. More information can be found at www.chlglobalassociates.com

About Ounce Labs, Inc.
Ounce Labs™, the leader in software security assurance, delivers products that allow customers to manage software risk in applications across the enterprise, down to individual lines of code. The Ounce solution features patents-pending analysis technology, which scans source code to pinpoint programming errors, design flaws, and policy violations. Ounce offers the most accurate and complete analysis, the fastest time-to-value, the only complete portfolio management, and the greatest deployment flexibility. Customers include leading organizations in financial services, telecommunications, software development, government, and other industries focused on protecting data, reducing software vulnerabilities, and complying with industry regulations. For more information, please visit www.ouncelabs.com.

###

CONTACT:
Ounce Labs
Jake Messier
781.547.7031 (o)
774-368-0094 (m)
jake.messier@ouncelabs.com

"Security scanners tend to be trigger happy and obtuse, but Ounce Labs offers friendly scanners with fewer false alarms."

SD Times 100