| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4BF5A2C5.30900@isecom.org> Date: Thu, 20 May 2010 22:59:49 +0200 From: Pete Herzog <lists@...com.org> To: Simon Kilvington <s.kilvington@...s.qinetiq.com> Cc: bugtraq@...urityfocus.com Subject: Re: The New ISO Hacking Standard Hi, Should they choose to accept the OSSTMM, ISO will take the OSSTMM 3, rewrite it into ISO language, place the pieces in their other security standards as needed, or as a whole into 1 security testing standard (whichever they choose). What they charge for ISO documents is out of our control at that point. Furthermore, they will not say anywhere that it is the OSSTMM on the document (something we disagree with but we will allow for the sake of standardization). However, ISECOM may say that the OSSTMM is ISO xyz. In the meanwhile, ISECOM will continue to offer the OSSTMM and continue development with further versions. The typical ISO cycle is 7 years which by then they will absorb our future version and apply it again the same way. The OSSTMM will not suddenly cease to exist and development will continue. We will continue providing it as we always have and it will continue to be free. Sincerely, -pete. On 5/20/2010 11:34 AM, Simon Kilvington wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Pete, > > if this becomes an ISO standard will it still be available for free, or > will you need to pay to get copies of it like you do for other ISO > standards? Also, once the ISO standard is defined, how will new open > source contributions be incorporated? > >
Powered by blists - more mailing lists