Does Ounce automatically fix the software vulnerabilities it locates?
In a word, no. Each environment is different and requires the hands-on expertise of your team to make those fixes. Ounce separates real vulnerabilities from potential ones, allowing security analysts, QA teams, and developers to click instantly to confirmed vulnerabilities for focused remediation efforts. Ounce additionally sorts results by severity (high, medium, low) as well as by type (buffer overflow, race condition, privilege escalation, etc.), and the Security Knowledgebase offers suggestions to the developer for correcting the vulnerability or exception. There are also context-sensitive links to the Common Weakness Enumeration (CWE) community site for additional remediation assistance. Ounce lets the developer choose whether to correct or modify the code on a case-by-case basis, as the developer typically understands more about the desired behavior of the application.