[Owasp-threat-modelling-project] Glossary of Terms

Tue Apr 19 11:15:19 EDT 2011

All,

I promised a glossary of terms. Please find its links here:

https://groups.google.com/group/novaowasp_threatmodeling/browse_thread/thread/1159368df1ab6316

Comparing this to material I found on the OWASP wiki, there's
disparity. The wiki edits themselves are not consistent. My personal
opinion is that the wiki material ranges in quality from poor to quite
high. I didn't touch that material because I figured, in the end,
updating it would be part of this group's charter as a whole.
Regarding Cigital material, the published glossary differs as I
thought it important to reference external source material where
possible. This resulted in a more general perspective as external
materials don't possess as much of the  software-centric skew that
material such as McGraw's "Building Security In" does.

Perhaps we can, amongst other important topics, discuss this on our call.
-jOHN
-- 
Phone: 703.727.4034
Rss: http://feeds.feedburner.com/M1splacedOnTheWeb

On Fri, Apr 15, 2011 at 8:00 AM, John Steven <John.Steven at owasp.org> wrote:
> All,
>
> I have prior commitments which will preclude me from making the phone
> call today but I'll attempt, over the weekend, to quickly build a
> "list of definitions" of the terms we've been discussing. For the very
> reason that they are so inconsistently used, we made such a list a
> while ago at Cigital to help train our people.
>
> I'll dig it up, update the correlation with newer threat modeling
> techniques, and put it up on our discussion page.
>
> -jOHN
>
> On Fri, Apr 15, 2011 at 7:17 AM, Antonio Fontes
> <antonio.fontes at owasp.org> wrote:
>>
>> hi Tony,
>> count me in -> Apr. 22nd 4pm EST -> 11pm GMT+1 (Switzerland)
>>
>> antonio
>>
>> --
>> Connect to OWASP Geneva:
>> website: https://owasp.ch/geneva
>> mailing list: https://lists.owasp.org/mailman/listinfo/owasp-Geneva
>>
>> On 4/14/2011 3:44 PM, Tony UV wrote:
>>> I suggest 4pm EST U.S in order to get a lot of the Euro crowd to be awake
>>> and on the call.  May not be accommodating to our friends in Asia Pacific.
>>> Honestly, we'll have to alternate times between meetings.
>>>
>>> Anurag, we should have two alternating times for each meeting that may be
>>> forthcoming.  Say 4pm EST U.S and 7 am EST U.S or whatever else?  I suppose
>>> its first important to see the demographics of our group first to pin point
>>> these times. Can ppl email their current timezone?
>>>
>>> Tony UcedaVelez, CISM, CISA, GSEC
>>> Atlanta Chapter President
>>> Membership Committee Global Board Member
>>> OWASP Atlanta
>>> http://www.owasp.org/index.php/Atlanta_Georgia
>>> Twitter: @versprite
>>>
>>>
>>> -----Original Message-----
>>> From: owasp-threat-modelling-project-bounces at lists.owasp.org
>>> [mailto:owasp-threat-modelling-project-bounces at lists.owasp.org] On Behalf Of
>>> Antonio Fontes
>>> Sent: Thursday, April 14, 2011 9:40 AM
>>> To: owasp-threat-modelling-project at lists.owasp.org
>>> Subject: Re: [Owasp-threat-modelling-project] Welcome to OWASP Threat
>>> Modeling project
>>>
>>>
>>>> 1. Do you guys want a weekday or weekend. Both works for me.
>>>
>>> both okay for me
>>>
>>>> 2. I would prefer an evening time for US folks but I am open to what works
>>>> for everyone.
>>>
>>> What is evening time for you and on which coast? Evening time on US east
>>> coast means 3-6am in Europe :)
>>>
>>>> 3. Tentative date - April 20th or Apr 22nd. This gives everyone a 5-7 days
>>>> lead time. If these dates don't work, let me know.
>>>
>>> both dates okay for me