All the latest UK technology news, reviews and analysis
|
|
|
18 Feb 2002
A group of open source developers dedicated to introducing an industry standard on security testing will be releasing the fruits of their labours later this month.
Ideahamster.org started working on the Open Source Security Testing Methodology Manual (OSSTMM ) last year after becoming "sick of reading bland testing methodology descriptions".
Further reading
The group, which includes security experts and developers, claimed that the introduction of an industry standard on security testing would make it easier for users to judge security products.
Security firms currently use a number of different methodologies for testing, often producing a variety of results.
Ideahamster pointed out that descriptions of security testing methodology were often of the "we use unique, in-house developed methodology and scanning tools" ilk, or were "bland or secret".
Pete Herzog, heading up the development group, said that the focus of the project is to set a standard whereby "any network or security expert who meets the outline requirements in this manual is said to have completed a successful security snapshot and therefore, if nothing else, has been thorough."
Herzog chose the open source route for the project because he claims that a standardised methodology would be better recognised if "you, your colleagues, and your fellow professionals have helped design it and write it."
On the release announcement, Herzog wrote: "I have been able to integrate most of the submissions, corrected flow for new procedures, new laws, and new tasks. I have integrated security metrics, risk assessments, and included sections which will better guide testing.
"Included is a template of a sample report which contains all the elements which MUST appear in a report to carry an OSSTMM compliancy clause, data collection templates, and a few other OSSTMM standard testing instruments."
At the time of its conception, the OSSTMM was welcomed by security experts who backed the move to introduce a standard, although there was some concern over whether the project would receive enough industry support to survive.
Latest developments on the Open Source Security Testing Methodology Manual can be found here.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Skills: Open Source, C, C++, Java, Python, SQL, Developer...
ActionScript 3, Flex, Javascript, HTML, CSS, XML My...
My client is a real-time advertising and content 'start...
C++, UNIX, Multithreading My client is a leading software...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?