The OSSTMM (Open Source Security Testing Methodology Manual) is a de-facto standard for security tests. It was developed by the Institute for Security and Open Methodologies (ISECOM) and is continually being reviewed and modified by industry experts. The standard is freely available and contains, amongst others, a security testing methodology for all channels (Human, Physical, Wireless,Telecommunications, and Data Networks) and the Rules of Engagement which specify ethical guidelines for security tests. Security gaps are categorized into the five categories Vulnerability, Weakness, Concern, Exposure und Anomaly according to their severity.