[Owasp-testing] OSSTMM manual

Daniel Cuthbert daniel.cuthbert at owasp.org
Fri Jan 19 09:18:59 EST 2007


rage? me? pfft you haven't met me yet, i rarely get angry.

All i was saying was that OWASP and the OSSTM have different  
ideologies. As it was just pointed out, they use the term open source  
very very very loosely.
If it was open source, why can i not get hold of a copy of the RC  
beta for version 3 right now and look at it?

Sorry if you thought i was angry, it was totally the opposite and  
called sarcasm :0)

Personally i want to stay FAR away from OSSTM and since 2001, we have  
never joined forces and worked with Pete
On 19 Jan 2007, at 20:44, Matteo G.P. Flora wrote:

>
> On Jan 19, 2007, at 2:32 PM, Daniel Cuthbert wrote:
>
>> Hang on one moment on the group hug there busta!!
>
> Daniel, I really don't understand your rage, but I'll try (again)  
> to cope with anger. Anger has always been the worst of the counselors.
>
>> The latest version is OSSTMM.3.0 (which is in RC mode). Now to  
>> access this you need to be a GOLD, or Silver, member and Gold  
>> costs $259 and Silver $49
>> If you want the free version, well thats stuck at ver 2.0 and has  
>> been for years now.
>
> OSSTMM is in RC and will see the light in just a few time.
> You can rest assured of this since I've talked with Pete about that  
> a lot of times. (And is someone care I perfectly agree on "2.0  
> sucks", while 3.0 is another thing at all...).
>
>> If you are saying we collaborate, and i have no issue with this,  
>> then something needs to be done.
>
> I'm sure we can find an accommodation and I'm sure I'll be able to  
> provide the 3.0 for review to a panel of OWASP... Or so I think...  
> I may have to press Pete a little, but I'm sure that's feasible.
> And I don't really believe in "insurmountable" tasks.
>
>> It might say open source on the tin, but from where im sitting it  
>> looks like a pay as you go open source and im sorry, none of the  
>> content i have written will ever be charged for and this is one of  
>> the sole reasons i joined with Mark and Jeff when OWASP was  
>> started back in the day.
>
> No one told you to give content to OSSTMM.
> We were discussing in "taking" content from OSSTMM acknowledging  
> the source and have OSSTMM "refer" to code within OWASP.
> Sorry if my bad english went in the way and you were lead to think  
> I'd give your work for a paid submission.. That wasn't my idea.
>
> Hope this explain it all... And sorry again for my "spaghetti  
> english" ;)
>
> MgpF
>
> -- 
> Matteo G.P. Flora | mf at matteoflora.com | www.MatteoFlora.com
> Pres. Milano AIP-ITCS #2657 | IEEE CS Member #80409490 | WOT Notary
> Direttore Tecnico Osservatorio Permanente Privacy e Sicurezza (OPSI)
> Privacy & Security Consultant | Forensic Examiner | SEO Expert
> Secure Channel | pgp F3B6BC10 | 1984-at-nym.hush-dot-com
>
>
>



More information about the Owasp-testing mailing list