[Owasp-testing] OSSTMM manual

Dinis Cruz dinis at ddplus.net
Fri Jan 19 09:52:59 EST 2007

Couple points:

   - Daniel is indeed a great guy, who never gets angry, lives in
   Thailand (moved from London) and checks his emails between Thai massages,
   swims on the see and big walks on the local Forrest. So take his comments
   with a pinch of salt.

   - A note to recent OWASP members in this list: the older OWASP members
   still have hard feelings on ISECOM's (and pete's) actions 5 years ago
   when they/he 'closed' what was before open (or perceived to be Open)
   material. I wasn't involved with OWASP at the time, but if you want more
   information I am sure they can be disclosed.
      - I don't know the details, but I am sure that ISECOM 'closure'
      might have been a benign attempt to generate revenue to pay for
time to be
      spend time on ISECOM projects. I'm very glad that OWASP didn't
      decide to go down that 'closure' path and I am very proud to say that
      (despite everything being available for free) OWASP's is today in a
      reasonable good financial position (which is how we are able to fund
      projects like the OWASP Autumn Of Code
      Autumn of Code 2006 -
the list of projects sponsored). And before you ask, yes we will
      soon the OWASP 2006 Financial accounts

      - Regarding the review of OSSTMM in the OWASP Testing Guide, I
   was not talking about grabbing content from it! (The guide is already big
   enough, and we don't need to copy and paste material from elsewhere
   in cases like this where there is licence conflicts)). I am just after an
   honest review of what they have there (which will benefit our readers) in
   the same way we do make references to books

   - Regarding Javier's question below on whether he can forward this
   thread to Pete, the answer has to be yes, since the archives of these lists
   are publicly available in our lists.owasp.org website:
      - http://lists.owasp.org/pipermail/owasp-testing/2007-January/ -
      this months archive
      - [Owasp-testing] OSSTMM
this thread :)

      - Finally ISECOM lack of momentum (when compared with OWASP)
   should be a very sharp reminder to anybody who thinks that OWASP's materials
   should be closed in any way of form. I am for 99,9% disclosure of everything
   OWASP related (the 0.1% covers for admin passwords and bank account details
   which we are NOT posting on the WIKI :)  ), and I do strongly believe that
   OWASP's openness and integrity are its most valuable assets

Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?

On 1/19/07, Daniel Cuthbert <daniel.cuthbert at owasp.org> wrote:
> My question to Pete is this:
> If the project is truly open source, why are people required to pay
> to access beta code? What happens to the rights of the contributors
> to those sections that are being sold?
> On 19 Jan 2007, at 21:18, Matteo G.P. Flora wrote:
> >
> > On Jan 19, 2007, at 2:58 PM, Javier Fernández-Sanguino wrote:
> >
> >> PS: Feel free to show me wrong in any of the above statements.
> >> Maybe the project has taken a different route differently and I've
> >> missed it.
> >
> > I'm not that good as a MIM... May I forward the mail to Pete and
> > have HIS answers, so that we can hear BOTH the point of views?
> >
> > Javier is it right with you? I'll strip the name if needed be..
> >
> > M.
> >
> > --
> > Matteo G.P. Flora | mf at matteoflora.com | www.MatteoFlora.com
> > Pres. Milano AIP-ITCS #2657 | IEEE CS Member #80409490 | WOT Notary
> > Direttore Tecnico Osservatorio Permanente Privacy e Sicurezza (OPSI)
> > Privacy & Security Consultant | Forensic Examiner | SEO Expert
> > Secure Channel | pgp F3B6BC10 | 1984-at-nym.hush-dot-com
> >
> >
> >
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-testing

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-testing/attachments/20070119/dcf8b0e5/attachment.html 

More information about the Owasp-testing mailing list