[Owasp-threat-modelling-project] Glossary of Terms
John.Steven at owasp.org
Tue Apr 19 11:15:19 EDT 2011
I promised a glossary of terms. Please find its links here:
Comparing this to material I found on the OWASP wiki, there's
disparity. The wiki edits themselves are not consistent. My personal
opinion is that the wiki material ranges in quality from poor to quite
high. I didn't touch that material because I figured, in the end,
updating it would be part of this group's charter as a whole.
Regarding Cigital material, the published glossary differs as I
thought it important to reference external source material where
possible. This resulted in a more general perspective as external
materials don't possess as much of the software-centric skew that
material such as McGraw's "Building Security In" does.
Perhaps we can, amongst other important topics, discuss this on our call.
On Fri, Apr 15, 2011 at 8:00 AM, John Steven <John.Steven at owasp.org> wrote:
> I have prior commitments which will preclude me from making the phone
> call today but I'll attempt, over the weekend, to quickly build a
> "list of definitions" of the terms we've been discussing. For the very
> reason that they are so inconsistently used, we made such a list a
> while ago at Cigital to help train our people.
> I'll dig it up, update the correlation with newer threat modeling
> techniques, and put it up on our discussion page.
> On Fri, Apr 15, 2011 at 7:17 AM, Antonio Fontes
> <antonio.fontes at owasp.org> wrote:
>> hi Tony,
>> count me in -> Apr. 22nd 4pm EST -> 11pm GMT+1 (Switzerland)
>> Connect to OWASP Geneva:
>> website: https://owasp.ch/geneva
>> mailing list: https://lists.owasp.org/mailman/listinfo/owasp-Geneva
>> On 4/14/2011 3:44 PM, Tony UV wrote:
>>> I suggest 4pm EST U.S in order to get a lot of the Euro crowd to be awake
>>> and on the call. May not be accommodating to our friends in Asia Pacific.
>>> Honestly, we'll have to alternate times between meetings.
>>> Anurag, we should have two alternating times for each meeting that may be
>>> forthcoming. Say 4pm EST U.S and 7 am EST U.S or whatever else? I suppose
>>> its first important to see the demographics of our group first to pin point
>>> these times. Can ppl email their current timezone?
>>> Tony UcedaVelez, CISM, CISA, GSEC
>>> Atlanta Chapter President
>>> Membership Committee Global Board Member
>>> OWASP Atlanta
>>> Twitter: @versprite
>>> -----Original Message-----
>>> From: owasp-threat-modelling-project-bounces at lists.owasp.org
>>> [mailto:owasp-threat-modelling-project-bounces at lists.owasp.org] On Behalf Of
>>> Antonio Fontes
>>> Sent: Thursday, April 14, 2011 9:40 AM
>>> To: owasp-threat-modelling-project at lists.owasp.org
>>> Subject: Re: [Owasp-threat-modelling-project] Welcome to OWASP Threat
>>> Modeling project
>>>> 1. Do you guys want a weekday or weekend. Both works for me.
>>> both okay for me
>>>> 2. I would prefer an evening time for US folks but I am open to what works
>>>> for everyone.
>>> What is evening time for you and on which coast? Evening time on US east
>>> coast means 3-6am in Europe :)
>>>> 3. Tentative date - April 20th or Apr 22nd. This gives everyone a 5-7 days
>>>> lead time. If these dates don't work, let me know.
>>> both dates okay for me
More information about the Owasp-threat-modelling-project