[Owasp-guide] [Owasp-topten] [Owasp-testing] RFC: Common numbering proposal # 3

Mike Boberski mike.boberski at gmail.com
Sat Jan 23 11:44:26 EST 2010


Perhaps Lorna can sneak something in when the corrected edition is published
with the complete list of organizational supporters.

The numbering scheme is set, the top of the page is correct, the further
examples using the new mappings below it do not need to be completed (I've
zeroed them out and put a placeholder instruction) in order to write about
it, if desired. I will create and post a project presentation either this
weekend or early next week, to keep things moving.

Lorna, if you could do us a solid on this, please email me directly, I'll
provide a paragraph that you can use at least as a starting point, maybe a
very simple call out box titled "Did you know?" or "Late-Breaking News" or
something.

Best,

Mike


On Sat, Jan 23, 2010 at 10:52 AM, Brad Causey <bradcausey at gmail.com> wrote:

> Rick, that is probably my fault. I got confused and scattered the wiki all
> up. Mike is waiting on me to go back and fix it, but as usual, life gets in
> the way sometimes.
> It is on my TODO list.
>
>
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
>
> http://www.owasp.org
> --
> In security, an action that is not explicitly denied is inherently allowed.
> --
>
>
>
> On Sat, Jan 23, 2010 at 9:22 AM, <rick.mitchell at bell.ca> wrote:
>
>> Our Common Numbering initiative didn't make the Q1 Newletter :(
>> Rick
>>
>> -----Original Message-----
>> From: owasp-testing-bounces at lists.owasp.org [mailto:
>> owasp-testing-bounces at lists.owasp.org] On Behalf Of Brad Causey
>> Sent: January 13, 2010 5:27 PM
>> To: GPC
>> Cc: owasp-guide at lists.owasp.org;
>> owasp-application-security-verification-standard at lists.owasp.org;
>> owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
>> Subject: Re: [Owasp-testing] [Owasp-topten] RFC: Common numbering proposal
>> # 3
>>
>> And here is an example:
>>
>> http://www.owasp.org/index.php/Common_OWASP_Numbering
>>
>> I did this in a bubble, ie, without anyone to bounce it off of.
>>
>> Feedback requested....
>>
>>
>> -Brad Causey
>> CISSP, MCSE, C|EH, CIFI, CGSP
>>
>> http://www.owasp.org
>> --
>> Never underestimate the time, expense, and effort an opponent will expend
>> to break a code. (Robert Morris)
>> --
>>
>>
>>
>> On Tue, Jan 12, 2010 at 1:11 PM, Boberski, Michael [USA] <
>> boberski_michael at bah.com> wrote:
>> > Here, you can kick the tires on this, expanding and collapsing the TOC
>> tree control:
>> >
>> > http://code.google.com/p/owasp-development-guide/wiki/Introduction?tm=
>> > 6
>> >
>> > Any other comments, keep 'em coming!
>> >
>> > Best,
>> >
>> > Mike B.
>> >
>> > -----Original Message-----
>> > From: Mike Boberski [mailto:mike.boberski at gmail.com]
>> > Sent: Tuesday, January 12, 2010 8:22 AM
>> > To: Bil Corry; Boberski, Michael [USA]; owasp-topten at lists.owasp.org
>> > Subject: Re: [Owasp-topten] RFC: Common numbering proposal # 3
>> >
>> > You got it, stay tuned
>> >
>> > On 1/12/10, Bil Corry <bil at corry.biz> wrote:
>> >> Boberski, Michael [USA] wrote on 1/11/2010 6:14 AM:
>> >>> Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for
>> >>> a next proposal, refined based on inputs provided so far.
>> >>
>> >> An exercise we did with the Threat Classification numbering system
>> >> was to actually use the the various proposed numbering systems in a
>> >> sample document and see what they looked like when used.  It didn't
>> >> take long to see that a simple numbering system worked best:
>> >>
>> >>
>> >> http://projects.webappsec.org/Threat-Classification-Reference-Grid
>> >>
>> >> So my suggestion would be to find some sample documents where the
>> >> numbers would be used, and try plugging in a few variations and see
>> >> how they read/look.
>> >>
>> >>
>> >> - Bil
>> >>
>> >> _______________________________________________
>> >> Owasp-topten mailing list
>> >> Owasp-topten at lists.owasp.org
>> >> https://lists.owasp.org/mailman/listinfo/owasp-topten
>> >>
>> >
>> >
>> > --
>> > Mike
>> > _______________________________________________
>> > Owasp-topten mailing list
>> > Owasp-topten at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-topten
>> >
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>
>
>
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-topten
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-guide/attachments/20100123/9834d575/attachment.html 


More information about the Owasp-guide mailing list