[Owasp-common-numbering] Project Status?
Mitchell, Rick (6030318)
rick.mitchell at bell.ca
Thu Oct 16 11:29:27 UTC 2014
Hi Richard, I think there have been a few contributing factors.
1) Coming up with a unified solution across OWASP deliverables is REALLY non-trivial, especially given that various projects have different perspectives (builders, breakers, defenders).
2) Lots of good ideas but no consensus.
5) Time. Really getting this done in a reasonable/useful manner could represent a full-time job for someone for 6mo to a year.
If someone wants to revive this I’d be glad to provide some input.
From: owasp-common-numbering-bounces at lists.owasp.org [mailto:owasp-common-numbering-bounces at lists.owasp.org] On Behalf Of Richard Quinn
Sent: Thursday, October 16, 2014 5:54 AM
To: owasp-common-numbering at lists.owasp.org
Subject: [Owasp-common-numbering] Project Status?
It appears that this project is inactive, am I wrong?
That would be a shame. Why did it become inactive?
There is a definite need to unify the numbering of security controls (referred to as requirements in the OCR project) and to map these to vulnerabilities (such as those enumerated in the top 10), verification activities (as enumerated in ASVS), mitigation strategies (as enumerated in the cheat sheets) and to external references such as CWE, SafeCode and WASC.
There is also a definite need to revive the Data Exchange Format program, and integrate OCR and DEF.
In short, I would like to help.