NewsForge: Open Source Security Manual and Training for Ethical Hacking
Feb 22, 2003, 02:30
(Other stories by Tina Gasperson)
"The Open Source Security Testing Methodology Manual (OSSTMM)
has become an international open standard, according to its
creator, Pete Herzog. It is used by large organizations like the
U.S. Treasury Department, Home Depot, Verisign, and IBM, although
Herzog says that he has a hard time getting entities that use the
manual to talk much about it.
"Herzog has been in professional security since 1997 when he got
involved with IBM's Europe-based Emergency Response Service. Today
he heads up the Institute for Security and Open Methodologies
(ISECOM) in order to provide Open Source security tools and
information via the Internet. Herzog also describes it as an open,
non-profit think tank for developing new open standards and
methodologies in security.
"'The main problem I have is that nobody has to tell me if they
use the OSSTMM,' due to its Open Source nature, says Herzog. 'I
have been asked by a person at the U.S. Navy SPAWAR division about
its inclusion in their Posture Assessment document. I also have
some comments from the U.S. Air Force and Army--the biggest
downloaders of the manual based on web traffic...'"