[Owasp-common-numbering] Project Status?

Richard Quinn richard.quinn at owasp.org
Thu Oct 16 16:14:53 UTC 2014


Hi Rick,

Thanks, I see why the time demands can be huge: the scope is huge!

I was considering creating an RDF/OWL ontology mapping various OWASP
classes (weakness, vulnerability, control, mitigation) and various objects
(CWE entries, OWASP top 10, CAPEC entries, ASVS elements, cheat sheets).
The ontology itself contains the knowledge; enriching it with a numbering
scheme would be simple. Adding URIs to the various entries would be trivial,
if laborious.

I think this would add value (at least to me). If it gains adoption by
other OWASP projects then there is no harm in that. Making adoption the
goal is, I think, the element which adds huge time requirements. Was that
your experience?

-Richard



On Thu, Oct 16, 2014 at 1:29 PM, Mitchell, Rick (6030318) <
rick.mitchell at bell.ca> wrote:

> Hi Richard, I think there have been a few contributing factors.
>
>
>
> 1) Coming up with a unified solution across OWASP deliverables is
> REALLY non-trivial, especially given that various projects have different
> perspectives (builders, breakers, defenders).
>
> 2) Lots of good ideas but no consensus.
>
> 3) Time.
>
> 4) Time.
>
> 5) Time. Really getting this done in a reasonable/useful manner
> could represent a full-time job for someone for 6mo to a year.
>
>
>
> If someone wants to revive this I’d be glad to provide some input.
>
>
>
> Rick
>
>
>
> *From:* owasp-common-numbering-bounces at lists.owasp.org [mailto:
> owasp-common-numbering-bounces at lists.owasp.org] *On Behalf Of *Richard
> Quinn
> *Sent:* Thursday, October 16, 2014 5:54 AM
> *To:* owasp-common-numbering at lists.owasp.org
> *Subject:* [Owasp-common-numbering] Project Status?
>
>
>
> Hi All,
>
>
>
> It appears that this project is inactive, am I wrong?
>
>
>
> That would be a shame. Why did it become inactive?
>
>
>
> There is a definite need to unify the numbering of security controls
> (referred to as requirements in the OCR project) and to map these to
> vulnerabilities (such as those enumerated in the top 10), verification
> activities (as enumerated in ASVS), mitigation strategies (as enumerated in
> the cheat sheets) and to external references such as CWE, SafeCode and WASC.
>
>
>
> There is also a definite need to revive the Data Exchange Format program,
> and integrate OCR and DEF.
>
>
>
> In short, I would like to help.
>
>
>
> -R
>