[Owasp-testing] OSSTMM manual

Matteo G.P. Flora mf at matteoflora.com
Fri Jan 19 08:53:32 EST 2007


On Jan 19, 2007, at 2:11 PM, Dinis Cruz wrote:

> Matteo, thank you very much for such an eloquent argument on the  
> collaboration between OWASP and ISECOM, with which I completely agree.

Thanx Dinis....
It's nice to have someone supporting my ravings now and then ;)

> <snip>
>
> Let's build bridges here since I'm sure ISECOM users will also  
> benefit from the OWASP Guide.
> Matteo got it spot on here: "Someone at OSSTMM did a very good job  
> in some area, we here did a bunch of VERY GOOD work in another.  
> Let's just sit and find out how to share this knowledge and come  
> out with a finished product that is better than the single part and  
> yet took us a fraction of the total time a rewrite would have  
> taken. ".

Talk about being pragmatic and about being productive...

> So I proposed that we include a section (couple pages) in the OWASP  
> Testing Guide about the areas that ISECOM document are worth  
> looking at. And these pages should actually be co-written by somebody  
> from ISECOM. Matteo can you see if Pete Herzog can help?

I contacted Pete "in the general terms" not referring directly to  
OWASP to see what he thinks and he just seemed enthusiastic about  
the idea.
I can bet safely that Pete (or someone for him in ISECOM) will be  
glad to help as he's always been a very talkative and supporting guy  
(in my experience). And I'd really like to put a stop to all this  
nonsense in the "standard war".
And if Pete is too busy there's always the dear friend Raoul Chiesa  
in the Italian Board of OWASP... And if both of them are too busy  
I'll take the task and coax both of them into giving me  
information... I'm a very good bully if need be ;)
...And I know where Raoul lives, btw... <grin>

> Let's all have a group virtual hug now.... :)
> Great stuff, great debate, I like this new OWASP :)

<raving mode on>

You know, I really think all these wars must end. And quickly...
As Board of the Italian Computer Society hundreds of people come to  
me to ask questions about career (especially in Computer Security,  
which is my line of business).. I tend to tell them to look at  
different perspectives and documents but it is very HARD for people  
to learn something when they have 10 different "standards" players  
saying 10 different things (and most of the time shouting insults at  
each other)...
In these late years I've been a sort of "human linked-in" with many  
and many guys from different security associations and groups, trying  
to inspire them to collaborate and to join forces...
Let's think this is a first step in giving the STANDARD USER a more  
simple approach and a simple way to know BOTH OWASP and OSSTMM.
And I think we should even talk with ISO270001 and many many others.

At the end of the tale please consider that users embrace not the  
BEST technology, not the MOST INNOVATIVE technology, not the CUTTING  
EDGE technology but always and only the ONE WHICH SIMPLIFIES THEIR  
LIVES the most. If we can give the user something to simplify his/her  
path to knowing security problems then ALL OF THEM will come after us...

<raving mode off>

> Dinis Cruz
> Chief OWASP Evangelist
> http://www.owasp.org


Dinis, let me tell what you need next from me... I'm at your  
immediate and complete disposal (metaphorically speaking ;))

M.

-- 
Matteo G.P. Flora | mf at matteoflora.com | www.MatteoFlora.com
Pres. Milano AIP-ITCS #2657 | IEEE CS Member #80409490 | WOT Notary
Direttore Tecnico Osservatorio Permanente Privacy e Sicurezza (OPSI)
Privacy & Security Consultant | Forensic Examiner | SEO Expert
Secure Channel | pgp F3B6BC10 | 1984-at-nym.hush-dot-com


