[Owasp-leaders] OWASP vulnerability taxonomy - does it exist or not?

Stephen Craig Evans stephencraig.evans at gmail.com
Mon Dec 15 13:35:53 EST 2008


Hi,

Fortify & Gary McGraw donated a vulnerability taxonomy to the OWASP
Honeycomb Project, which seems to have been quickly absorbed by the
ASDR project.

I have kindly asked for a definitive taxonomy - it doesn't have to be
Kingdom-Category-Subcategory as originally proposed - but what I have
received so far is "check this for an example". That's not good
enough.

I want to use an OWASP-created  or -endorsed taxonomy. No beating
around the bush: does it exist or not? If it does (or partially),
please send it to me. If it doesn't, I'll make up something on my own.

Thanks in advance,
Stephen


More information about the OWASP-Leaders mailing list