[Owasp-o2-platform] (need help with O2 .NET Scanner) Fwd: Links to the latest O2 Platform installer and O2 Subscription model

dinis cruz dinis.cruz at owasp.org
Fri Oct 1 11:20:11 EDT 2010


Firstly, In case there is somebody on this list that can make it to the
London Chapter meeting tonight, and is not on the owasp-london list, please
see below the invite for tonight's Samy's talk in London (which really good
)

For the others, please also read that email (below) and
    a) check out the new version of O2 and
    b) give me feedback the proposed O2 Subscripion model.

Now, on the topic of .NET Analysis. I really could do with some help in
completing the O2 .NET Static Analysis engine. Basically all core components
are in place (namely an engine that is able to follow taint and find the
type of vulnerabilities that today only the Commercial Static analsysis
engine can find), and all that is needed now is the final bits (namely a GUI
and .NET Rules)

If you are interrested and have cycles, please start a new thread, and I
will follow with more details on what needs to be done (In addition to
HacmeBank, I would like to use the ASP.NET Oracle Poet vuln as a case study
for the type of analysis that we can do with O2)

Dinis Cruz
---------- Forwarded message ----------
From: dinis cruz <dinis.cruz at owasp.org>
To: owasp-london at lists.owasp.org

Hi OWASP London

A couple months later, and following the presentation on O2 I did at one of
the last OWASP London Chapter meetings, here is the link the latest O2
Installer<http://o2platform.googlecode.com/svn/O2_ClickOnce_Installers/O2_XRules_Database/setup.exe>(.NET
ClickOnce)  for the ones that want to try the new O2 GUI and
capabilities.

There was also a request for my presentation on the new O2 Business Model,
namely its paid subscriptions.

I just wrote this blog entry about it Update on O2 Subscription
Model<http://diniscruz.blogspot.com/2010/10/update-on-o2-subscription-model.html>and
here is the O2
- Commercial Services
presentation<http://s3.amazonaws.com/O2_MiscFiles/O2++-+Commercial+Services+%28AppSec+DC%29.pdf>(note
that this is an experiment on OWASP where we are trying to figure out
a funding model for OWASP Projects (with O2 leading the way, but more to
follow))

I'm going to be at tonight's London Chapter
meeting<http://www.owasp.org/index.php/London#Friday.2C_October_1st_2010>,
so if you want to talk about O2, just track me down :)

If you have a couple minutes, I really would like to get your feedback on
this O2 Subscription model.

I think that the *'Open Source Tool/API Customization per Subscriber'* model
(where each subscriber gets a targeted version) could actually be a great
funding model not only for OWASP projects but also for other Open Source
projects/APIs (including the many that O2 consumes/exposes).

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20101001/ae66167f/attachment.html 


More information about the Owasp-o2-platform mailing list