The OSSTMM came about as a need for an open, free security testing methodology in response to the numerous security testing companies who claimed to have a secret, internal, and corporate confidential methodology for testing. It was this methodology that they used to differentiate themselves from other testing companies. The problem was that often it didn't exist and the tests turned out to be no more than commercial scanners set loose on a list of systems. The development of the OSSTMM began as a series of logical steps to make a good test and grew into the need to make the most thorough test. This presentation will show the origin of the OSSTMM and the logic behind it, as well as results of reverse-engineering the reports of corporate tests, commercial tools, and commercial presentations.