LinuxSecurity.com: Open Source Security Testing Methods
May 03, 2001, 15:30
(Other stories by Rich Jankowski, Dave Wreski)
[ Thanks to Rich Jankowski for this link. ]
"The The Open-Source Security Testing Methodology Manual (OSSTMM) is an effort to develop an open standard method of performing security tests. Dave Wreski and Rich Jankowski interview Pete Herzog, the creator of the project to gain insight to the development efforts and the hope for adoption into the industry."
"Q: Pete, could you describe your security background and how you got started with this project?"
"A: This project came about in an idea to teach my wife the finer points of security testing. We had moved to Barcelona, Spain for the birth of our daughter and she wanted to be able to work from home. We had so much going on and dealing with too much political red tape concerning Visas and Working Papers that I was constantly commuting to a Consulate or Embassy. On a train ride back home one day I scribbled a couple flow charts on scrap paper (which will be included in the manual). I was hoping to find the key to splitting the tasks of security testing in a way that my wife could lighten my work load by doing the investigative portions of information security which she has a knack for. I don't remember it being a big deal but my wife says it was. She says I got off the train and the first thing I told her was that I figured out a methodology for security testing and this could be important. She says also that I said immediately that I would give it away by publishing it online. I may have said these things but at that point I know I didn't have the details worked out like GNU licensing and such. A month later, I took over the ideahamster.org domain name my brother was sitting on. This week we posted version 1.0."