[Owasp-guide] [Owasp-topten] [Owasp-testing] RFC: Common numbering proposal # 3

Mike Boberski mike.boberski at gmail.com
Sat Jan 23 12:06:41 EST 2010


I agree this is very important.

The numbering scheme is finalized, but will take time to implement across
guides.

Here, I have added a paragraph to the project page that Lorna, if she is
able, can use:

http://www.owasp.org/index.php/Common_OWASP_Numbering

Best,

Mike


On Sat, Jan 23, 2010 at 11:55 AM, <rick.mitchell at bell.ca> wrote:

>  I guess it's not a majorly big deal until it's finalized, but, I also
> think it's a huge step in a good direction for the OWASP projects so it's
> kind of important.
>
> Rick
>
>  ------------------------------
> *From:* Mike Boberski [mailto:mike.boberski at gmail.com]
> *Sent:* January 23, 2010 11:44 AM
> *To:* Brad Causey
> *Cc:* Mitchell, Rick (6030318); owasp-guide at lists.owasp.org;
> owasp-application-security-verification-standard at lists.owasp.org;
> owasp-topten at lists.owasp.org; global-projects-committee at lists.owasp.org;
> owasp-testing at lists.owasp.org
> *Subject:* Re: [Owasp-topten] [Owasp-testing] RFC: Common numbering
> proposal # 3
>
> Perhaps Lorna can sneak something in when the corrected edition is
> published with the complete list of organizational supporters.
>
> The numbering scheme is set, the top of the page is correct, the further
> examples using the new mappings below it do not need to be completed (I've
> zeroed them out and put a placeholder instruction) in order to write about
> it, if desired. I will create and post a project presentation either this
> weekend or early next week, to keep things moving.
>
> Lorna, if you could do us a solid on this, please email me directly, I'll
> provide a paragraph that you can use at least as a starting point, maybe a
> very simple call out box titled "Did you know?" or "Late-Breaking News" or
> something.
>
> Best,
>
> Mike
>
>
> On Sat, Jan 23, 2010 at 10:52 AM, Brad Causey <bradcausey at gmail.com> wrote:
>
>> Rick, that is probably my fault. I got confused and scattered the wiki all
>> up. Mike is waiting on me to go back and fix it, but as usual, life gets in
>> the way sometimes.
>> It is on my TODO list.
>>
>>
>> -Brad Causey
>> CISSP, MCSE, C|EH, CIFI, CGSP
>>
>> http://www.owasp.org
>> --
>> In security, an action that is not explicitly denied is inherently
>> allowed.
>> --
>>
>>
>>
>> On Sat, Jan 23, 2010 at 9:22 AM, <rick.mitchell at bell.ca> wrote:
>>
>>> Our Common Numbering initiative didn't make the Q1 Newsletter :(
>>> Rick
>>>
>>> -----Original Message-----
>>> From: owasp-testing-bounces at lists.owasp.org [mailto:
>>> owasp-testing-bounces at lists.owasp.org] On Behalf Of Brad Causey
>>> Sent: January 13, 2010 5:27 PM
>>> To: GPC
>>> Cc: owasp-guide at lists.owasp.org;
>>> owasp-application-security-verification-standard at lists.owasp.org;
>>> owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
>>> Subject: Re: [Owasp-testing] [Owasp-topten] RFC: Common numbering
>>> proposal # 3
>>>
>>> And here is an example:
>>>
>>> http://www.owasp.org/index.php/Common_OWASP_Numbering
>>>
>>> I did this in a bubble, i.e., without anyone to bounce it off of.
>>>
>>> Feedback requested....
>>>
>>>
>>> -Brad Causey
>>> CISSP, MCSE, C|EH, CIFI, CGSP
>>>
>>> http://www.owasp.org
>>> --
>>> Never underestimate the time, expense, and effort an opponent will expend
>>> to break a code. (Robert Morris)
>>> --
>>>
>>>
>>>
>>> On Tue, Jan 12, 2010 at 1:11 PM, Boberski, Michael [USA] <
>>> boberski_michael at bah.com> wrote:
>>> > Here, you can kick the tires on this, expanding and collapsing the TOC
>>> > tree control:
>>> >
>>> > http://code.google.com/p/owasp-development-guide/wiki/Introduction?tm=6
>>> >
>>> > Any other comments, keep 'em coming!
>>> >
>>> > Best,
>>> >
>>> > Mike B.
>>> >
>>> > -----Original Message-----
>>> > From: Mike Boberski [mailto:mike.boberski at gmail.com]
>>> > Sent: Tuesday, January 12, 2010 8:22 AM
>>> > To: Bil Corry; Boberski, Michael [USA]; owasp-topten at lists.owasp.org
>>> > Subject: Re: [Owasp-topten] RFC: Common numbering proposal # 3
>>> >
>>> > You got it, stay tuned
>>> >
>>> > On 1/12/10, Bil Corry <bil at corry.biz> wrote:
>>> >> Boberski, Michael [USA] wrote on 1/11/2010 6:14 AM:
>>> >>> Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for
>>> >>> a next proposal, refined based on inputs provided so far.
>>> >>
>>> >> An exercise we did with the Threat Classification numbering system
>>> >> was to actually use the various proposed numbering systems in a
>>> >> sample document and see what they looked like when used.  It didn't
>>> >> take long to see that a simple numbering system worked best:
>>> >>
>>> >>
>>> >> http://projects.webappsec.org/Threat-Classification-Reference-Grid
>>> >>
>>> >> So my suggestion would be to find some sample documents where the
>>> >> numbers would be used, and try plugging in a few variations and see
>>> >> how they read/look.
>>> >>
>>> >>
>>> >> - Bil
>>> >>
>>> >> _______________________________________________
>>> >> Owasp-topten mailing list
>>> >> Owasp-topten at lists.owasp.org
>>> >> https://lists.owasp.org/mailman/listinfo/owasp-topten
>>> >>
>>> >
>>> >
>>> > --
>>> > Mike
>>> >
>>> _______________________________________________
>>> Owasp-testing mailing list
>>> Owasp-testing at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>
>>
>>
>>
>>
>