Penetration Testing mailing list archives
Re: OSSIM Fedback
From: Stefano Zanero <zanero () elet polimi it>
Date: Thu, 15 Jun 2006 22:17:48 +0200
Dominique Karg wrote:
It's not my duty to enter into discussion if ossim is easy to use or not
It is easy to use - not so much to install ;)
I must say that I have to deny this and ask Stefano sincerely for proof of this.
Let me say that your denial on public record here on this list is more than enough - I believe you on your word. However...
This is why parts of it may be not well documented, not clearly structured and so on. But obfuscating / complicating code in purpose ? No way.
Well, last time I looked (it was september last year) the OSSIM server code was completely undocumented - not just in nice, user friendly docs, but not EVEN IN THE CODE. We had to reconstruct the communication between client and server by reverse engineering the code and sniffing the communications, which is, let me say this gently, UNCOMMON for an open source project aiming to integration. Don't you think so ?
Anyway, if you have had trouble understanding the code and needed help, we've got a small but fine user base who would've been glad to help
We tried, at that time, on both #ossim and on project mailing lists... The answers we had were 1) in french and 2) private, so I won't quote them here... but I can quote a brief sentence of one of your "user base" members: " Ce manque de commentaires est fait pour éviter la reprise et modification du code source par d'autres personnes !! Un développeur OSSIM a dit: "if hell was coded, it would have been done like our server" " This mail, and others of the kind, were partially confirmed by devels on the channel. If your policy has changed, or if this was just a huge misunderstanding, I'll be glad to see some devel docs as soon as you can fix them together. Even as drafts, we will be glad to help you put the knowledge base together. Best, Stefano Zanero ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- OSSIM Fedback Koolk3 (Jun 12)
- Re: OSSIM Fedback Stefano Zanero (Jun 12)
- Re: OSSIM Fedback Dominique Karg (Jun 13)
- RE: OSSIM Fedback Strand, John (Mission Systems) (Jun 13)
- Re: OSSIM Fedback Stefano Zanero (Jun 15)
- Re: OSSIM Fedback Dominique Karg (Jun 13)
- RE: OSSIM Fedback Mark Lists (Jun 13)
- Re: OSSIM Fedback Stefano Zanero (Jun 12)