[Owasp-live-cd-2008-project] OWASP LiveCD direction

OWASP Live CD 2008 Project owasp-live-cd-2008-project at lists.owasp.org
Fri Aug 1 11:40:27 EDT 2008

I can speak as a reviewer of the OWASP LiveCD work under way for SoC. This work is of high quality, and the bases covered in the previous CD have been covered in the update.

There was considerable offline discussion prior to the direction of the "08" CD being set. Unfortunately, there wasn't information available about efforts underway elsewhere, so you make the best decision you can with the available information.

I believe that this is actually called a "fork", as Fedora was, as a lot of other things are. 

I'm sure that good work by all is welcome.

I suggest that some re-branding of iterations on previous work may be appropriate, if previous releases continue to be supported. "Live-CD 07-release 2" or such may be the way to go. 
It's really nobody's fault that there may be 2 streams of work. 

Merging 07 release-2 functions and work currently under way is likely out of scope, to be fair to everyone. 

I suggest it would be helpful to get some release notes on the 07 release-2 functions. My guess is that these releases are now sufficiently different that they both offer unique advantages.  
It might be that the "re-branding" can be more distinct, based on a side-by-side look at features.

I'm quite ok to help with this - so the good work by both teams gets appropriate distribution. 

What do you think, folks ?

Sent from my BlackBerry device on the Rogers Wireless Network

-----Original Message-----
From: OWASP Live CD 2008 Project <owasp-live-cd-2008-project at lists.owasp.org>

Date: Fri, 01 Aug 2008 10:13:32 
To: <josh at packetfocus.com>
Cc: <pcoimbra at owasp.org>; <tomb at owasp.org>; OWASP Live CD 2008<Owasp-live-cd-2008-project at lists.owasp.org>; <dinis.cruz at owasp.org>; <dave.wichers at owasp.org>
Subject: Re: [Owasp-live-cd-2008-project] OWASP LiveCD direction


       I won't speak for OWASP - that's definitely not my place but I 
can  speak for my involvement with the SoC.  I heard about the SoC in 
one of  the local Austin OWASP chapter meetings[1].  Looking of the list 
of prioritized projects [2], I saw the Live CD and felt I was 
particularly well suited to that project.  I submitted an application 
for the Live CD project [2].  My application was selected as a SoC 
project for 2008.

      I started work and looked at the 2007 Live CD as a reference [3]. 
  I decided to go with SLAX and not keep with the distro from the 
previous Live CD.  I've detailed those reasons on the projects 
documentation wiki [5]. I believe I've made good progress on the current 
SoC project - a sentiment echoed by my reviewers on the project page [6].

      Beyond the SoC projects completion, I've got several ideas of how 
to augment the Live CD which are possible due to the modular nature of 
SLAX.  I've also got some ideas to integrate the Live CD with other 
OWASP projects.  I hope to have those ideas outlined on the project 
Wiki's Roadmap page by the weekends end [7].

      The last few weeks have been insanely busy for me (day job + 
freelance work + several family visits) so the project has been a bit 
stagnant for that period.  I'm still on track to make the SoC deadline 
but to ensure I get the best product out of the door, I've put in for a 
weeks vacation in August which will be used to complete and polish the 
Live CD.

       I believed that the previous Live CD project was dormant due to 
it being listed as a SoC 2008 prioritized project.  I apologize for not 
contacting you earlier but I assumed you moved on to other things 
(PacketFocus LLC).  That being the case, impact on your work was not 
part of my decision to migrate to SLAX.  Good luck on your presentation 
at OWASP New York.  I'd be interested in the presentation if you're 
willing to share as I wont' be able to attend.

-- Matt Tesauro

[1] http://www.owasp.org/index.php/Austin

[2] http://www.owasp.org/index.php/OWASP_Request_for_Proposal_List


[4] https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project

[5] http://mtesauro.com/livecd/index.php?title=Why_SLAX

[6] http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project

First Reviewer's Assessment at 50%:

Second Reviewer's Assessment at 50%:

[7] http://mtesauro.com/livecd/index.php?title=Roadmap

Joshua Perrymon wrote:
> Hey Paulo,
> I wanted to contact you regarding the direction of the OWASP liveCD.
> Background: Sometime in 2006 I contacted OWASP regarding the creation of 
> a LiveCD. I was in Australia at the time doing pentests and saw that 
> there was no LiveCD that focused on App Security. After several emails I 
> was given the OK and started developing the LiveCD nights and weekends. 
> Just before the first version was finished, I got SpoC sponsorship for 
> the first version of the LiveCD.   After completion, I got AoC 
> sponsorship and completed the second version.
> I have been busy starting this new company and noticed the new LiveCD 
> project under current sponsorship 
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project.
> I will be releasing a new version of the LiveCD at the OWASP conf in NYC 
> during my talk. Don’t get me wrong, I am an avid supporter of OWASP, and 
> by no means want to get in the way of progress. But I would like to 
> maintain some level of  involvement in the LiveCD project(s).  The 
> current sponsored version has been converted from Morphix to Slax so if 
> I continue down that road with my build, I will have to redesign the 
> entire process I have developed.
> If we need to keep and maintain two separate versions I’m fine with that 
> as well. Please advise on moving forward.
> JP 
> Joshua Perrymon, CEH, OPST, OPSA
> CEO PacketFocus LLC
> Josh at packetfocus.com <mailto:Josh at packetfocus.com>
> 1.877.PKT.FOCUS
> 1.205.994.6573
> www.packetfocus.com <http://www.packetfocus.com/>
> President Alabama OWASP Chapter www.owasp.org <http://www.owasp.org/>
> Selected for “Top 5 Coolest hacks of 2007” Dark Reading/ Forbes.com
> www.linkedin.com/in/packetfocus
Owasp-live-cd-2008-project mailing list
Owasp-live-cd-2008-project at lists.owasp.org

More information about the Owasp-live-cd-2008-project mailing list