pete writes "OSSTMM 2.2
(Open Source Security Testing Methodology Manual) is the latest release
for auditors, penetration testers, ethical hackers, and the like.
With OSSTMM 3.0 still in peer review and undergoing many
edits for clarity, ISECOM
decided to update the current 2.11 with the reviewed research to make
immediate and necessary improvements to the current security testing
standard. The improvements are based on new research like
Error Types committed during tests and Test Types which breaks down
black box, white box, and gray box tests into 6 categories.
The biggest addition however is the security metrics which allow for a
realistic calculation of security operations. The manual is
also much cleaner to make it more presentable for those who like to
present it to their executive management or even their customers."
December 19, 2006