Home » Forums » OWASP Live CD » OWASP Live CD Support

Anything new going on for OWASP LIve CD project? Anything new coming out?

Submitted by Dav on Mon, 08/22/2011 - 23:12

Hi to the AppSecLive/OWASP Live CD project Group,

I was wondering if there are any new development in the OWASP Live CD project. It has been very quiet? Is there any plans for an upgrade to come out in the coming month or in a year? There hasn't been any activity in this page? Is OWASP abandoning this specific project? I hope not. If any one of the AppSecLive/OWASP Live CD project admin(s) would respond to my post, I would greatly appreciate it...

Thank you,
Dav.

‹ how to log in to the live cd Failed to extract download in 7 Zip ›
#1Submitted by mtesauro on Fri, 08/26/2011 - 11:17.

We're not dead yet!

You're quite right that things have been quiet lately - especially publicly. Here's the back story and what up coming...

(1) The project has not been abandoned. A couple of events came together to make this one hell of a summer (somewhat literally in Texas where I'm at - its been ~ 105 F / 41 C for weeks.)
* Ubuntu's switch to Unity made things much harder. Much of the customisation is lost under Unity and I can't test Unity in a VM thanks to the graphics requirements. I had to take an older laptop, clear off what I had on there and to an install of 11-04 just to see how the WTE packages would work. Ugly.
* I've been crazy busy both in my work life and personal life so the night and weekends I usually use to keep the project going have been few and far between.
* I did get to focus on WTE a week or two ago and did enough testing (~ 250 GB of VMs created and tested) to provide the answers below.

(2) Where things are now: I've made some decisions about the future direction of OWASP WTE:
* I will base the .deb packages, VMs and ISO images on Debian - Debian 6 squeeze currently. I'm hoping Debian will be more stable with fundamental pieces of the OS (e.g. the graphical interface) then Ubuntu has been lately. I don't want to see many hours of work go "poof" when Ubuntu wants to try something new and different. Releases will follow this path:
** Create packages against the current Debian release
** Create VMs (.vdi and .vmdk files) and the ISO based on Debian plus those packages
** Test the packages in the following Debian-based systems to ensure they install OK and work. If customisations work, its a plus but not a requirement. The order in which I will test them is: Ubuntu, Linux Mint (Ubuntu version), Kubuntu, Linux Mint (Debian version), Debian testing & unstable

Additionally, I'm shooting for a semi-rolling release - I'll update .deb packages as software is updated and roll "full releases" 2 times per year.

(3) What's next: I'm working on the Debian conversion and will have a release out by AppSec North America - http://www.appsecusa.org/ (need to I'm training & presenting using it at AppSec)
After that, I need to do a couple of things:
(1) Better organise myself to better handle volunteer, offers for help, etc.
(2) Update the OWASP Wiki pages (OWASP Live CD and OWASP WTE pages) to reflect the new reality
(3) Update this site a bit - there's changes I've wanted to do for a while but haven't made time
(4) Work on better methods of distributing the files since they are rather large. I've got some ideas here but need to get the next release out first.

So Dav, I hope this helps answer your questions.

And, thanks for forcing me to think through this enough to answer you ;)

Cheers!

Matt Tesauro - OWASP WTE project lead.