The Ounce Labs offering is a software-based solution, which is
actually a CASE (computer-aided software engineering) utility. Ounce 4
works by scanning an application's code for security
vulnerabilities before the code is posted to a development or
production server. This type of utility is routinely mentioned in the
PCI-DSS compliance document and should be included in any
organization’s system development life cycle.
The utility ships with a demo data CD that allows the tester to
review non-production code to get a feel for the application and its
function. This feature was well received in the lab and gave the
tester a stronger understanding of the tool before evaluating
production data. The dashboard for the application was straightforward
to use, with panes logically laid out. The utility can compare sets of
code and show the differences, triage coding errors, and repair an
error and scan again. Results can be published to a web server or
reports can be generated.
The installation of Ounce 4 was as straightforward as possible. A
few clicks of "next" and a quick browse to the license file and the
installation work was finished. The install did take some time to
complete because of the large amount of data being installed. Helper
applications and language kits were installed behind the scenes,
transparently to the user installing the product.
Ounce 4 arrived with a hard-copy guide for the initial installation
and use of the product. Several PDF documents accompany the
installation files on the install CD. The PDF files are indexed and
searchable, which makes finding whatever is needed faster.
Support is offered by phone and through a detailed web portal, which
provides ticket submission, feature requests and a knowledge
base. Phone support is offered during business hours.
The pricing for Ounce 4 starts at $1,500 for an annual license and
$2,750 for a perpetual license. This puts Ounce 4 at the low end of
the price spectrum.