[Owasp-testing] OSSTMM manual

Vicente Aguilera vaguilera at isecauditors.com
Mon Jan 22 07:32:14 EST 2007

Javier Fernández-Sanguino wrote:
> Matteo G.P. Flora dijo:
>> On Jan 19, 2007, at 10:37 AM, Javier Fernández-Sanguino wrote:
>>> And also, the "Open Source" thing faded away long time ago (when ISECOM
>>> was introduced) the license is not at all OSS and neither is the
>>> development process anymore (just take a look at how many time they've
>>> had a 3.0 release and only provide it to those who pay)
>> Interesting.  I've had the opposite experience.
>> I know they are tight on controlling the submissions but they are very 
>> much still open as anyone who contribute regularry may tell you. Looking 
>> at 2.2: it has an OSS license.
> This mail might sound harsh, but I just want to get the facts straight 
> for everyone interested. I sincerely think that OWASP would be better 
> off collaborating with Information Systems Security Assessment Framework 
> (ISSAF) than with ISECOM's OSSTM. But, then again, it's not my call.

I agree totally with Javier. I believe that the collaboration with the
ISSAF has more sense...

-- Vicente Aguilera

More information about the Owasp-testing mailing list