[Owasp-board] Fwd: [Owasp-testing] OSSTMM manual, followup by Pete about OSS

Andrew van der Stock vanderaj at owasp.org
Fri Feb 2 04:04:34 UTC 2007

I don't have a huge problem with collaborating, but a few ground rules would
have to be worked out so we don't compromise our mission:

1. Is there any chance we could get a copy of what he proposes to integrate?
I think we should evaluate the materials before we agree. Matteo would have
to be involved. 
2. The OWASP result must still be open source under our current license.
3. Anyone (including non-OSSTMM members) must be able to work on it, which
means that the public will have access to the materials he wants to
integrate. This is not a problem for me, but it might be for him.
4. If we think it's a good idea, I'd like us to sit down and talk with him
(i.e. a phone meeting or similar) and nut things out.


On 2/1/07 10:40 PM, "Dinis Cruz" <dinis at ddplus.net> wrote:

> thoughts?
> ---------- Forwarded message ----------
> From: Pete Herzog <pete at isecom.org>
> Date: Feb 1, 2007 5:23 PM
> Subject: Re: [Owasp-testing] OSSTMM manual, followup by Pete about OSS
> To: Dinis Cruz <dinis at ddplus.net>
> Cc: "Matteo G.P. Flora" <mf at matteoflora.com>
> Hi Dinis,
> I have been giving the collaboration some thought and we think that we
> would like to start by combining the OWASP Testing guide 2.0 with the
> OSSTMM Data Security Modules so that it would be integrated with the OSSTMM.
>    Since we have already been working on a special web app testing edition
> of OSSTMM 3, it might be beneficial to use each of our strengths to make
> the best version possible.  Would you or OWASP support an endeavor to
> create such a hybrid?
> Sincerely,
> -pete.
> --
> Pete Herzog - Managing Director - pete at isecom.org
> ISECOM - Institute for Security and Open Methodologies
> www.isecom.org - www.osstmm.org
> www.hackerhighschool.org - www.isestorm.org
> -------------------------------------------------------------------
> ISECOM is the OSSTMM Professional Security Tester (OPST),
> OSSTMM Professional Security Analyst (OPSA), and Hacker Highschool
> Teacher certification authority.
> Dinis Cruz wrote:
>> > Hi Pete, thanks for your answers,
>> >
>> > Regarding the OWASP Testing Guide and the OSSTMM, are you able to
>> > organize the 2 page comparison? Basically the question to answer is:
>> > "what is covered in the OSSTMM that is not covered in (or has better
>> > quality than) the OWASP Testing Guide"
>> >
>> > If you want to have a look at the guide see
>> > http://www.owasp.org/index.php/OWASP_Testing_Project_v2.0_-_Review_Guidelines
>> >
>> > I am also quite interested in your research on classifying
>> > vulnerability types for the OWASP Report Generator
>> > <http://www.owasp.org/index.php/OWASP_Report_Generator> project where I
>> > am one of the main developers, can you share some results with us?
>> >
>> > Thanks
>> >
>> > Dinis Cruz
>> > Chief OWASP Evangelist, Are you a member yet?
>> > http://www.owasp.org
>> >
