As you probably know by now IBM bought Ounce Labs on July 28th.
What does this mean for O2 and all the Open Source research that I have been doing (and publishing) for the last 12 months? The honest answer is that I still don't know (i.e. I'm still not an IBM employee and basically just had my Ounce Labs 'independent contractor' agreement extended to IBM).
I had a great meeting with a number of IBM/AppScan guys last week in Ottawa (Canada) and will be back there next week to do an O2 presentation and talk about the next steps.
There has also been talk (via Jim Manico and Tom B (here and here) to move O2 to OWASP, maybe even calling it O3 (as in "OWASP O2" where O2 could also be used as a reference to Oxygen). As Jim correctly mentions, O2 is released under an Open Source license (Apache 2.0) and there is nothing preventing this move (to an OWASP project). I love the idea to move it to OWASP, but lets see what is IBM's finally position on this (since ideally they should officially support this new OWASP project).
In practice, these IBM presentations means that you will see (when compared with what exists today) a HUGE amount of O2 documentation being published to the O2 website.
As with most of you, the first question that the IBMers are asking is "I've heard about O2, but WHAT is it, and what does it do?" :)
I'm also going to extend the O2 Module that shows how to map "Ounce's scan results with HP WebInspect scan results" to IBM's AppScan and Rational. This should be an interesting (and powerful) demonstration of O2 capabilities (and btw, AppScan Standard Edition is an .NET Application :) :) : ) :) ... 'nuff said :) )
The good news is there is lots of excitement and energy to make the O2 + Ounce + AppScan + IBM integration work (in a way that keeps O2 Open Source and makes business sense for IBM). Several Ounce guys are being really supporting and helping to spread the word. See for example this post from Ian Spiro (Ounce / IBM and Ounce Open - O2 User Inside Track ) who had a 'major O2 epiphany' last week (I really like his "Open source + Knowledge = Control" idea).
So expect to see a lot of activity over the next week, and if you have specific questions to ask about O2, now is probably the best time to ask :)
