Re: Risk metrics

From: Pete Herzog (lists@isecom.org)
Date: Sat Nov 05 2005 - 15:59:48 EST


Marc,

> Has anybody else had a look at the RAV metric for OSSTMM 3.0?
> I just did - and in my opinion it's horrifying.
> Anything which is more complicated than multiplying more than
> 3 numbers is too complicated to use in a report to a client.

You actually need only provide 1 number to the client -- the RAV. If
you want to break it down into each part, then yes, it's 4 numbers which
might start getting a little heavy for your clients.

> It is already difficult enough to explain to them what their
> problems are - this calculation sheet is a killer for any
> consultant.

I think you just need to learn it first. It's actually pretty simple to
fill out the form, and once you read through an example you'll figure it
out as well. I know it has helped early-adopter consultants better
explain gaps in security, or money wasted on overly redundant security
measures, to their clients.

Sincerely,
-pete.
