The Open Source Security Testing Methodology Manual (OSSTMM) 3

The Open Source Security Testing Methodology Manual (OSSTMM) 3 provides a scientific framework for verifying operational security across physical, human, and digital channels.

This methodology uses test cases to generate factual metrics rather than relying on anecdotal evidence or general best practices.

By focusing on the attack surface and exposure through the Relative Actual Value (rav) metric, it delivers a bias-free audit of security controls.

The primary strength of this approach is its ability to provide a unified, measurable standard that improves the accuracy and efficiency of security decision-making.

https://www.isecom.org/OSSTMM.3.pdf