[Owasp-testing] OSSTMM manual

Vicente Aguilera vaguilera at isecauditors.com
Mon Jan 22 07:32:14 EST 2007


Javier Fernández-Sanguino wrote:
> Matteo G.P. Flora dijo:
>   
>> On Jan 19, 2007, at 10:37 AM, Javier Fernández-Sanguino wrote:
>>
>>     
>>> And also, the "Open Source" thing faded away long time ago (when ISECOM
>>> was introduced) the license is not at all OSS and neither is the
>>> development process anymore (just take a look at how many time they've
>>> had a 3.0 release and only provide it to those who pay)
>>>       
>> Interesting.  I've had the opposite experience.
>>
>> I know they are tight on controlling the submissions but they are very 
>> much still open as anyone who contribute regularry may tell you. Looking 
>> at 2.2: it has an OSS license.
>>     
>
> This mail might sound harsh, but I just want to get the facts straight 
> for everyone interested. I sincerely think that OWASP would be better 
> off collaborating with Information Systems Security Assessment Framework 
> (ISSAF) than with ISECOM's OSSTM. But, then again, it's not my call.
>   

I agree totally with Javier. I believe that the collaboration with the
ISSAF has more sense...

Regards,
-- Vicente Aguilera


More information about the Owasp-testing mailing list