[Owasp-guide] [Owasp-topten] [Owasp-testing] RFC: Common numbering proposal # 3

Mike Boberski mike.boberski at gmail.com
Sun Jan 24 21:09:15 EST 2010


ok, thx

Mike


On Sun, Jan 24, 2010 at 9:05 PM, Lorna Alamri <lorna.alamri at owasp.org>wrote:

> Hi Mike,
> Unfortunately, The newsletter was completed and sent to the board  for
> approval before your announcement regarding Common numbering. The newsletter
> was sent to the translators on 1/11/09.
> As soon as I have an approved newsletter schedule I can publish a schedule
> on which I will need news items to me by. If we are going to publish the
> newsletter and most of its translations at the same time, I will need to be
> strict on when I must have articles by and there can be no changes once the
> translators are working on their translations. It is just to confusing to
> add or change articles.  Currently the newsletter is set at 4 pages for
> printing purposes so that the newsletter can be printed out as 1 one page
> folded in half printed booklet or as two pages printed duplex. The
> newsletter is translated into Greek, Hungarian, Spanish, French, & Chinese
> for the January issue. But we will be adding Thai, Arabic, Dutch and
> Portuguese as more translators have come forward for future newsletters, so
> as you can see making any changes to newsletter articles gets very involved.
> The next Newsletter is planned to go out March 15th. I will need to have an
> approved newsletter to the translators March 5th. Which means I will be
> pulling the newsletter together starting 2/27.
>
> Now that being said, maybe I can put together a special edition for
> February or something. I've got a couple of ideas since there is a lot going
> on with the Common Numbering project,  the new OWASP for Charities project,
> and the Annual Report coming out.
>
> Lorna
>
> On Sat, Jan 23, 2010 at 10:49 AM, Mike Boberski <mike.boberski at gmail.com>wrote:
>
>> Hi Lorna. Can you help out? Please see below.
>>
>> Mike
>>
>>
>> ---------- Forwarded message ----------
>> From: Mike Boberski <mike.boberski at gmail.com>
>> Date: Sat, Jan 23, 2010 at 11:44 AM
>> Subject: Re: [Owasp-topten] [Owasp-testing] RFC: Common numbering proposal
>> # 3
>> To: Brad Causey <bradcausey at gmail.com>
>> Cc: rick.mitchell at bell.ca, owasp-guide at lists.owasp.org,
>> owasp-application-security-verification-standard at lists.owasp.org,
>> owasp-topten at lists.owasp.org, global-projects-committee at lists.owasp.org,
>> owasp-testing at lists.owasp.org
>>
>>
>> Perhaps Lorna can sneak something in when the corrected edition is
>> published with the complete list of organizational supporters.
>>
>> The numbering scheme is set, the top of the page is correct, the further
>> examples using the new mappings below it do not need to be completed (I've
>> zeroed them out and put a placeholder instruction) in order to write about
>> it, if desired. I will create and post a project presentation either this
>> weekend or early next week, to keep things moving.
>>
>> Lorna, if you could do us a solid on this, please email me directly, I'll
>> provide a paragraph that you can use at least as a starting point, maybe a
>> very simple call out box titled "Did you know?" or "Late-Breaking News" or
>> something.
>>
>> Best,
>>
>> Mike
>>
>>
>>
>> On Sat, Jan 23, 2010 at 10:52 AM, Brad Causey <bradcausey at gmail.com>wrote:
>>
>>> Rick, that is probably my fault. I got confused and scattered the wiki
>>> all up. Mike is waiting on me to go back and fix it, but as usual, life gets
>>> in the way sometimes.
>>> It is on my TODO list.
>>>
>>>
>>> -Brad Causey
>>> CISSP, MCSE, C|EH, CIFI, CGSP
>>>
>>> http://www.owasp.org
>>> --
>>> In security, an action that is not explicitly denied is inherently
>>> allowed.
>>> --
>>>
>>>
>>>
>>> On Sat, Jan 23, 2010 at 9:22 AM, <rick.mitchell at bell.ca> wrote:
>>>
>>>> Our Common Numbering initiative didn't make the Q1 Newletter :(
>>>> Rick
>>>>
>>>> -----Original Message-----
>>>> From: owasp-testing-bounces at lists.owasp.org [mailto:
>>>> owasp-testing-bounces at lists.owasp.org] On Behalf Of Brad Causey
>>>> Sent: January 13, 2010 5:27 PM
>>>> To: GPC
>>>> Cc: owasp-guide at lists.owasp.org;
>>>> owasp-application-security-verification-standard at lists.owasp.org;
>>>> owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
>>>> Subject: Re: [Owasp-testing] [Owasp-topten] RFC: Common numbering
>>>> proposal # 3
>>>>
>>>> And here is an example:
>>>>
>>>> http://www.owasp.org/index.php/Common_OWASP_Numbering
>>>>
>>>> I did this in a bubble, ie, without anyone to bounce it off of.
>>>>
>>>> Feedback requested....
>>>>
>>>>
>>>> -Brad Causey
>>>> CISSP, MCSE, C|EH, CIFI, CGSP
>>>>
>>>> http://www.owasp.org
>>>> --
>>>> Never underestimate the time, expense, and effort an opponent will
>>>> expend to break a code. (Robert Morris)
>>>> --
>>>>
>>>>
>>>>
>>>> On Tue, Jan 12, 2010 at 1:11 PM, Boberski, Michael [USA] <
>>>> boberski_michael at bah.com> wrote:
>>>> > Here, you can kick the tires on this, expanding and collapsing the TOC
>>>> tree control:
>>>> >
>>>> >
>>>> http://code.google.com/p/owasp-development-guide/wiki/Introduction?tm=
>>>> > 6
>>>> >
>>>> > Any other comments, keep 'em coming!
>>>> >
>>>> > Best,
>>>> >
>>>> > Mike B.
>>>> >
>>>> > -----Original Message-----
>>>> > From: Mike Boberski [mailto:mike.boberski at gmail.com]
>>>> > Sent: Tuesday, January 12, 2010 8:22 AM
>>>> > To: Bil Corry; Boberski, Michael [USA]; owasp-topten at lists.owasp.org
>>>> > Subject: Re: [Owasp-topten] RFC: Common numbering proposal # 3
>>>> >
>>>> > You got it, stay tuned
>>>> >
>>>> > On 1/12/10, Bil Corry <bil at corry.biz> wrote:
>>>> >> Boberski, Michael [USA] wrote on 1/11/2010 6:14 AM:
>>>> >>> Please see http://www.owasp.org/index.php/Common_OWASP_Numberingfor
>>>> >>> a next proposal, refined based on inputs provided so far.
>>>> >>
>>>> >> An exercise we did with the Threat Classification numbering system
>>>> >> was to actually use the the various proposed numbering systems in a
>>>> >> sample document and see what they looked like when used.  It didn't
>>>> >> take long to see that a simple numbering system worked best:
>>>> >>
>>>> >>
>>>> >> http://projects.webappsec.org/Threat-Classification-Reference-Grid
>>>> >>
>>>> >> So my suggestion would be to find some sample documents where the
>>>> >> numbers would be used, and try plugging in a few variations and see
>>>> >> how they read/look.
>>>> >>
>>>> >>
>>>> >> - Bil
>>>> >>
>>>> >> _______________________________________________
>>>> >> Owasp-topten mailing list
>>>> >> Owasp-topten at lists.owasp.org
>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-topten
>>>> >>
>>>> >
>>>> >
>>>> > --
>>>> > Mike
>>>> > _______________________________________________
>>>> > Owasp-topten mailing list
>>>> > Owasp-topten at lists.owasp.org
>>>> > https://lists.owasp.org/mailman/listinfo/owasp-topten
>>>> >
>>>> _______________________________________________
>>>> Owasp-testing mailing list
>>>> Owasp-testing at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>>>
>>>
>>>
>>> _______________________________________________
>>> Owasp-topten mailing list
>>> Owasp-topten at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-topten
>>>
>>>
>>
>>
>
>
> --
> Lorna Alamri
>
> OWASP Connections
> Dir: 651-338-0243
> skype: lorna.alamri
> lorna.alamri at owasp.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-guide/attachments/20100124/46c8b2f3/attachment.html 


More information about the Owasp-guide mailing list