[Owasp-guide] Common numbering proposal # 3

Boberski, Michael [USA] boberski_michael at bah.com
Mon Jan 11 10:32:14 EST 2010


Ah, got it. Makes sense... The next proposal will take OWASP-Item-Doc-Optional Deprecation or Historic reference into account...

Any other comments, keep 'em coming!

Best,

Mike B.


________________________________
From: rick.mitchell at bell.ca [mailto:rick.mitchell at bell.ca]
Sent: Monday, January 11, 2010 10:26 AM
To: Boberski, Michael [USA]; owasp-testing at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-guide at lists.owasp.org
Subject: RE: Common numbering proposal # 3

I'm not saying that we should remove the document reference. I'm just suggesting that it should be part of the optional section. To someone (i.e.: a client I'm preparing a report for) OWASP-DG-0604 != OWASP-TG-0604 though equating/aligning all 0604s seems to be what we're trying to accomplish.

The way I understand the ultimate goal, 0604 isn't really a TG or DG item; it's an OWASP item that should be common across all documents. I guess you could think of it as significant digits or something like that: OWASP-Item-Doc-Optional Deprecation or Historic reference.

Rick

________________________________
From: Boberski, Michael [USA] [mailto:boberski_michael at bah.com]
Sent: January 11, 2010 9:58 AM
To: Mitchell, Rick (6030318); owasp-testing at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-guide at lists.owasp.org
Subject: RE: Common numbering proposal # 3

Rick, good points.

If one looks at each document/guide's instantiation of a requirement as an iteration of a given base requirement though, we'd still need a document code.

The 14-40 are in the near term intended to allow for a transition from existing numbering schemes in a next release of a given guide, then used in the long term primarily for retiring numbers.

The above said, I'm going to think through paragraph "If for client reporting etc" further...

Any other comments, keep 'em coming!

Best,

Mike B.


________________________________
From: rick.mitchell at bell.ca [mailto:rick.mitchell at bell.ca]
Sent: Monday, January 11, 2010 9:46 AM
To: Boberski, Michael [USA]; owasp-testing at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-guide at lists.owasp.org
Subject: RE: Common numbering proposal # 3

Great work so far everyone.

Just a few thoughts:

Your fourth example: "OWASP-TG-0604-DV-005", references the Testing Guide by 0604 which doesn't exist. Is the plan to renumber the testing guide (and other docs) before creating the mapping? If mapping is no longer the end goal but rather a common numbering scheme, then a document reference shouldn't be needed at location 6-7. The numbering scheme should be totally separate from all documents and all OWASP documents should be expected to adhere to it (IMHO).

i.e.: Examples 3 and 4:
OWASP-DG-0604
OWASP-TG-0604-DV-005
Should really be the same thing: OWASP-0604.

If for client reporting etc. some traditional or historic reference is required then this could be included at the end of the new common identifier as you've suggested on the wiki for proposal 3 (with the inclusion of the document identifier, i.e.: OWASP-0604-TGDV-005 or OWASP-0604-TG-DV-005).

Just my 2 cents.

Rick

________________________________
From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Boberski, Michael [USA]
Sent: January 11, 2010 9:14 AM
To: owasp-testing at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-guide at lists.owasp.org
Subject: [Owasp-testing] RFC: Common numbering proposal # 3

Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for a next proposal, refined based on inputs provided so far.

Best,

Mike