[Owasp-leaders] OWASP vulnerability taxonomy - does it exist or not?

Paolo Perego thesp0nge at owasp.org
Mon Dec 15 17:06:15 EST 2008


Hi Stephen, I like people being so passionate. I'm forwarding you a press release
announcement I released just today.
Tomorrow, I'm planning to announce it on some mailing lists in order to gather
contributors.

We've got a taxonomy; go and hack around with it... we can work together on this
:)


On Mon, Dec 15, 2008 at 7:35 PM, Stephen Craig Evans <
stephencraig.evans at gmail.com> wrote:

>
> I want to use an OWASP-created  or -endorsed taxonomy. No beating
> around the bush: does it exist or not? If it does (or partially),


---8<----- Sorry to all leaders for the duplicate
---------8<--------8<------------
Hello leaders, I'm really happy to announce a new documentation project I
started today. Our Top 10 most critical web app vulnerabilities is the
de facto standard when trying to summarize findings when you assess a web
application. And it is great.

Looking at source code assessment (or code review, or static analysis, or
whatever name you want to use :-)), nothing like this exists. Gary
McGraw introduced the 7 kingdoms as a taxonomy. I started looking at this
great work, extending it to fit an OWASP Top 10-like template.
I also used categories that I found useful for gathering security code review
findings in.

That's why I started this Top 10 project. The goal is to provide something
useful in the OWASP Code Review Guide while trying to organize security issues,
and the second goal is to use it as the OWASP Orizon default library cookbooks
in order to have a "fil rouge" (common thread) between the Code Review Guide and
the implementing tool. The Source Code Flaws Top 10 will be that fil rouge.

I really hope that everyone interested will subscribe to the mailing list and
contribute to this document, which I'd like to release as a beta-quality
project at AppSec Europe 2009 in Cracow.

Link:
http://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_Project
Roadmap:
http://www.owasp.org/index.php/Category:OWASP_Source_Code_Flaws_Top_10_Project_Roadmap
Mailing list subscription page:
https://lists.owasp.org/mailman/listinfo/owasp-source-code-flaws-top-10

Regards
thesp0nge

-- 
"stay hungry, stay foolish"

OWASP Orizon project, http://orizon.sourceforge.net
"enjoy your code review experience"