[Owasp-leaders] Common numbering
Mike Boberski
mike.boberski at gmail.com
Sat Jan 16 14:53:12 EST 2010
Thanks, Dan.
Just a clarification regarding the quoted text below, there is no "CWVN",
that table on that wiki page is part of Brad's working notes and will be
going away. The world doesn't need another vulnerability classification
scheme, that was not the intent of coming up with a new numbering scheme.
There is the numbering based on ASVS that includes the ability to include
legacy guide identifiers to allow for a period of transition that was
developed according to community input. The threat taxonomy in for example
the testing guide will go away. The new numbering will make it easy to
verify ASVS requirements using procedures in e.g. the testing guide.
Sorry for the confusion. Please see the development guide outline to see how
the new numbering is intended to be used across the guides.
Best,
Mike
On Sat, Jan 16, 2010 at 2:24 PM, Dan Cornell <dan at denimgroup.com> wrote:
> > That would be great! The more mappings we have with the OWASP CWVN,
> > the more likely it will be used. Thanks!
> >
>
> I created a new page and translated the mappings:
> <
> http://www.owasp.org/index.php/Common_OWASP_Numbering/Vulnerability_Classification_Mappings
> >
>
> The Wiki language is a little trickier to use than Excel, so there is a
> loss of fidelity. I'll make another run at this in a bit and try to clean
> it up a bit.
>
> Thanks,
>
> Dan
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100116/d0bd11ef/attachment.html
More information about the OWASP-Leaders
mailing list