e<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>TSC and AppSec Consulting Partner to Expand Security and Compliance Services</title>
</head>

<body>

<table border="0" cellpadding="0" cellspacing="0" width="100%">
  <tbody>
    <tr>
      <td rowspan="3" bgcolor="#cccccc" valign="top" width="120"><img src="../images/tsc/pressrelease.gif" width="120" height="755" /></td>

    </tr>
    <tr>
      <td valign="top"><table border="0" cellpadding="20" cellspacing="0" width="100%">
        <tbody>
          <tr>
            <td><center>
              <a href="http://www.TheSecurityConsortium.net"><img src="../images/tsc/TSC-logo.gif" border="0" /></a>
            </center>
                  <p> </p>

              <p>San Jose, CA, April 14, 2009<br />
                <p>The Security Consortium (TSC) and Ounce Labs today announced that they have partnered to add source code analysis to the TSC Safety to Deploy service.  The partnership provides product companies and internal development with a comprehensive service to ensure product security. By combining theoretical analysis results with physical testing, TSC is able to focus testing using Ounce Labs source code analysis tool results, substantiate vulnerabilities and provide comprehensive recommendations to improve product security.  </p>
                <p>Security breaches make news every day, and the pace of attacks is growing.  Before purchasing your product, customers want assurance that you have tested for and repaired vulnerabilities.  For internal development projects, you want to ensure the resulting code is safe to deploy.  Traditionally, companies have relied on internal quality assurance testing to verify security, but this has proven inadequate.  As a result, more companies are turning to source code analysis tools and third-party security validation.  The partnership between TSC and Ounce Labs is responding to this market trend.</p>
                <p>Most source code analysis is done as a standalone task, often by internal resources without extensive experience or training. The findings from the analysis are often mitigated without knowing whether they led to actual vulnerabilities.  Using expert Trusted Advisors™ (TAs) from TSC, companies can professionally set up, run and interpret source code analysis, then validate those findings through testing.  Companies save time and money performing the analysis and fixing issues and can confirm product security for potential customers.</p>
                <p>&quot;Ensuring product security is critical to winning sales and ensuring customer satisfaction,” noted Mark Kadrich, CEO of The Security Consortium.  “Companies shouldn’t rely on internal quality testing that is completely inadequate to find security flaws or on source code analysis alone.  Our expert TAs employing the Ounce Labs tool provide companies comprehensive source code analysis and product testing to demonstrate security and win sales.&quot;</p>
                <p>&quot;We were founded on the idea that companies need to be able to easily identify and mitigate software risk,” added Gary Jackson, CEO of Ounce Labs.  “The Ounce Labs and TSC partnership provides companies with not only the ability to rapidly identify vulnerabilities in their business-critical applications using the Ounce product, but the expertise to validate and remediate those issues to improve product security.&quot;</p>
                <p>The source code analysis service is available now from TSC as an add-on to Safety to Deploy testing.  Contact TSC at <a href="http://www.thesecurityconsortium.net/?utm_source=pressrelease&utm_medium=email&utm_campaign=pr-ounce">http://www.thesecurityconsortium.net</a> or info@thesecurityconsortium.net for more information.</p>
                <p><u>About The Security Consortium:</u><br />
			Testing, research, counsel and leadership services from The Security Consortium (TSC) provide companies with the ability to balance the need for security with business objectives.  By focusing on overall business results instead of narrow test requirements, TSC helps companies improve the processes used to create, purchase, and operate security products.  
                <br />
                <br />
			TSC is a privately held company, founded in 2007 and based in San Jose, California. Further information on TSC is available at <a href="http://www.thesecurityconsortium.net">http://www.thesecurityconsortium.net</a> or contact Deva Loveland at +1 408.971.0984 or at pr@thesecurityconsortium.net
                <br />
                <p><u>About Ounce Labs, Inc.:</u><br />
			Ounce Labs’ industry-leading Static Application Security Testing (SAST) suite brings enterprise-wide awareness of business critical vulnerabilities. With this ability to identify and prioritize issues, organizations have the information they need to address their greatest risks. Ounce’s patented source code analysis delivers the scalability and automation to help organizations such as EDS, IBM, Intel, and Lockheed Martin strengthen application security and protect confidential information. Ounce also helps organizations to verify regulatory and policy compliance, addressing PCI DSS, FISMA, HIPAA and others. For more information, please visit <a href="http://www.ouncelabs.com">http://www.ouncelabs.com</a>.
                <br />
                <p style="font-style: italic">
			The Security Consortium is a trademark of The Security Consortium, Inc.  Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United States and other countries. Other product or service names mentioned herein are the trademarks of their respective owners. </p>
                <br />
                <center>
                  ###
                
                </center>
          </tr>
        </tbody>
      </table></td>
    </tr>
  </tbody>
</table>
</body>
</html>