[Owasp-testing] OSSTMM manual
dinis at ddplus.net
Fri Jan 19 09:52:59 EST 2007
- Daniel is indeed a great guy, who never gets angry, lives in
Thailand (moved from London) and checks his emails between Thai massages,
swims in the sea and big walks in the local forest. So take his comments
with a pinch of salt.
- A note to recent OWASP members in this list: the older OWASP members
still have hard feelings on ISECOM's (and Pete's) actions 5 years ago
when they/he 'closed' what was before open (or perceived to be Open)
material. I wasn't involved with OWASP at the time, but if you want more
information I am sure they can be disclosed.
- I don't know the details, but I am sure that ISECOM's 'closure'
might have been a benign attempt to generate revenue to pay for
time to be spent on ISECOM projects. I'm very glad that OWASP didn't
decide to go down that 'closure' path and I am very proud to say that
(despite everything being available for free) OWASP is today in a
reasonably good financial position (which is how we are able to fund
projects like the OWASP Autumn Of Code
Autumn of Code 2006 -
the list of projects sponsored). And before you ask, yes we will
soon the OWASP 2006 Financial accounts
- Regarding the review of OSSTMM in the OWASP Testing Guide, I
was not talking about grabbing content from it! (The guide is already big
enough, and we don't need to copy and paste material from elsewhere
in cases like this where there are licence conflicts). I am just after an
honest review of what they have there (which will benefit our readers) in
the same way we do make references to books
- Regarding Javier's question below on whether he can forward this
thread to Pete, the answer has to be yes, since the archives of these lists
are publicly available in our lists.owasp.org website:
- http://lists.owasp.org/pipermail/owasp-testing/2007-January/ -
this month's archive
- [Owasp-testing] OSSTMM
this thread :)
- Finally, ISECOM's lack of momentum (when compared with OWASP)
should be a very sharp reminder to anybody who thinks that OWASP's materials
should be closed in any way or form. I am for 99,9% disclosure of everything
OWASP related (the 0.1% covers for admin passwords and bank account details
which we are NOT posting on the WIKI :) ), and I do strongly believe that
OWASP's openness and integrity are its most valuable assets
Chief OWASP Evangelist, Are you a member yet?
On 1/19/07, Daniel Cuthbert <daniel.cuthbert at owasp.org> wrote:
> My question to Pete is this:
> If the project is truly open source, why are people required to pay
> to access beta code? What happens to the rights of the contributors
> to those sections that are being sold?
> On 19 Jan 2007, at 21:18, Matteo G.P. Flora wrote:
> > On Jan 19, 2007, at 2:58 PM, Javier Fernández-Sanguino wrote:
> >> PS: Feel free to show me wrong in any of the above statements.
> >> Maybe the project has taken a different route differently and I've
> >> missed it.
> > I'm not that good as a MIM... May I forward the mail to Pete and
> > have HIS answers, so that we can hear BOTH the point of views?
> > Javier is it right with you? I'll strip the name if needed be..
> > M.
> > --
> > Matteo G.P. Flora | mf at matteoflora.com | www.MatteoFlora.com
> > Pres. Milano AIP-ITCS #2657 | IEEE CS Member #80409490 | WOT Notary
> > Direttore Tecnico Osservatorio Permanente Privacy e Sicurezza (OPSI)
> > Privacy & Security Consultant | Forensic Examiner | SEO Expert
> > Secure Channel | pgp F3B6BC10 | 1984-at-nym.hush-dot-com