[OWASP-LEADERS] Re: [OWASP-VULNXML] VulnXML: Call for test / feedback

dave at immunitysec.com dave at immunitysec.com
Tue Jun 10 10:20:30 EDT 2003

Here's my feedback:

The GUI is a bit hard to get used to - eventually I kinda figured out what
was going on, but a few examples next to the form wouldn't hurt. For
example, I had no idea what to fill in on one page (scheme? host? port?)

My MediaServices proposal is there now. Can I suggest we have some
"macros" that make life easy. Like "if file exists" and a few other
basics. Eventually this will be used by people who arn't really experts at
vulnerability analysis, and don't know the format of a VulnXML file or the
implementation of a VulnXML execution engine (and don't WANT to). Heck,
I'm trying to forget myself. :>

Oh, also, how do you download just one VulnXML file? I couldn't figure
that out either.


> Hi folks.
> The VulnXML database entry editor is now complete.
> After a number of re-iterations the OCL (OWASP Common Library)
> now comes with a lean and easy-to-use html-based
> editor component.
> VulnXML's entry editor is based upon that library.
> Please check out the editor at
> Either register as a new member or use the test admin account
> "admin/testtest" and then try "propose entry".
> Now that the "technical" part is nearly complete, we need to
> start the textual work on VulnXML.
> Please give some feedback regarding
> - usability (layout, components)
> - compatibility (different browsers)
> - sense / non-sense of the VulnXML description
>   (i.e. the current DTD)
> It would be really great, if someone could add some real-life
> examples and try to use them with a suited tool.
> Please check our sf CVS repository for source codes.
> (cf. http://sourceforge.net/cvs/?group_id=64424)
> I will add new releases of OCL / VulnXML once I got some
> feedback / bug reports.
> I will add the review stuff (approval work flow) within the
> next weeks.
> Kind regards
> Ingo
> --
> Ingo Struck, Software Engineer
> istr at sferix.com, 0177 510 25 83
> -------------------------------------------------------
> This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
> thread debugger on the planet. Designed with thread debugging features
> you've never dreamed of, try TotalView 6 free at www.etnus.com.
> _______________________________________________
> owasp-vulnxml mailing list
> owasp-vulnxml at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-vulnxml

More information about the OWASP-Leaders mailing list