We found that installation of the product was a bit challenging at times. Plug-ins are an option at the initial installation screen, but revisiting these options after the base installation was completed prompted for a re-installation of the entire product. This proved to be time-consuming and unnecessary. The product installs on many Windows-based operating systems, as well as Solaris and Red Hat. Support for many different compilers is included, and plug-ins for RAD, Eclipse and Visual Studio are optional.
From an administrator's perspective, the installed components consist primarily of the Ounce Portfolio Manager, which is a web-based dashboard, and the Ounce Security Analyst, which is where most of the configuration and assessment work is performed. Because the product contains many different features and perspectives, the Security Analyst window may contain a large amount of information at one time and often feels cluttered. It is based on three primary views that reflect configuration, triage and analysis, respectively. In our testing, the product performed very well and found numerous vulnerabilities in our test source code. Once an assessment project is completed, the results can be pushed to the web-based dashboard for a more user-friendly view. From a design perspective, the two components appear very different, giving the overall solution a bit of a lopsided feel when switching between the two.
Documentation is helpful, but we would have liked to see more screenshots. Help can also only be launched from within the application; standalone PDF files had to be retrieved directly from the install folders and are not displayed in the Start Menu for Windows installations.
Pricing for Ounce Labs 5.0 is based on an annual license. Cost is $1,500. Perpetual licenses are available for $2,750. Gold level support is available for 20 percent of the net product fee. The Ounce Labs support site does list a support phone number and hours of operation, but the searchable knowledge base contained only three entries at the time of testing.