[Owasp-board] OWASP Project - Security Vulnerability Contextualization Framework
paulo.coimbra at owasp.org
Wed Dec 17 12:56:45 UTC 2008
Thank you very much for supporting our community. Your contribution is
certainly most welcome.
I am forwarding your question to our OWASP
Global Projects and Tools Committee. After having their feedback, I will
either add you to an existent project or set up a new project page for you
to assume as project leader.
Meanwhile, I suggest glancing at our Assessment
Criteria which states the path each OWASP project ought to do so as to reach
Release Quality status.
Many thanks, best regards,
<https://www.owasp.org/index.php/Main_Page> OWASP Project Manager
From: Rafal Los [mailto:rafal at ishackingyou.com]
Sent: Wednesday, 17 December 2008 08:00
To: paulo.coimbra at owasp.org
Subject: OWASP Project - Security Vulnerability Contextualization Framework
At the last OWASP in NYC, I was speaking with Tom Brennan and some of the
folks there and one of the things that's very difficult to come by is a set
of "standards", or perhaps a framework for providing context around a web
application security vulnerability. I think this would be a wonderful
project to kick off (if it doesn't already exist) as I think coming up with
a standard way of looking at a vulnerability to determine context and thus
an actual "Severity Rating" is critical to helping analysts be consistent.
The question everyone asks - when is Critical Not? In my blog post (here:
1/risk-rating-when-is-critical-not.aspx) I start the discussion, and I have
had great feedback as well... the next logical step for me is to move this
discussion forward by writing up a formal framework for "contextualizing
security defects" to more accurately address vulnerabilities as risks.
If such a project already exists, please add me to it, if possible, if not
- I would like to propose it and move forward.
Rafal (Ralph) M. Los
IT Security - Response | Mitigation | Strategy
E-mail: rafal at ishackingyou.com
Direct: +1 (404) 606-6056
- gPGP: 0xFFC63B33
- Blog: http://preachsecurity.blogspot.com
- Web: http://www.ishackingyou.com