As information security professionals, we conduct security assessments for companies. One of the biggest problems we have is after all the data is collected, how can we correlate the data accurately. So we decided to start a project to solve this problem, and we are calling it Open Source Security Assessment Management System (OSSAMS). OSSAMS is a framework for putting configuration files, security scan data files (like Nessus), and other data collected, during a security assessment or penetration test, into a RDBMS.
The framework is going to be designed in a fashion similar to Metasploit, SNORT, or other systems that allow the security community to create plugins for new tasks as needed. The primary goal of OSSAMS is to normalize the data, there by allowing the security professional to better assess the current state of security for an organization.
The founding OSSAMS team is comprise of Cody Dumont, Adrien de Beaupre, and Darryl Williams. Cody is a Sr. Security Consultant for the NWN STAR team (www.nwnstar.com), Adrien is a Security Tester in Canada with Intru-Shun.Ca Inc., and Darryl Williams is an expert in database design and SDLC architecture.