[Owasp-leaders] OWASP vulnerability taxonomy - does it exist or not?

Stephen Craig Evans stephencraig.evans at gmail.com
Mon Dec 15 13:35:53 EST 2008


Fortify & Gary McGraw donated a vulnerability taxonomy to the OWASP
Honeycomb Project, which seems to have been quickly absorbed by the
ASDR project.

I have kindly asked for a definitive taxonomy - it doesn't have to be
Kingdom-Category-Subcategory as originally proposed - but what I have
received so far is "check this for an example". That's not good

I want to use an OWASP-created  or -endorsed taxonomy. No beating
around the bush: does it exist or not? If it does (or partially),
please send it to me. If it doesn't, I'll make up something on my own.

Thanks in advance,

More information about the OWASP-Leaders mailing list