Mark Curphey mark at curphey.com
Thu Jul 29 08:13:59 EDT 2004



-at an official standards body (not a vendor consortium)
-is being early adopted by several major banks (inc Fidelity) as a risk
management classification scheme
-provides a risk ranking model
-includes (and will include further) classification about code level issues
with the input of people like Fortify and Ounce)
-and was TRULY derived with industry input (WAS TC inlcudes Cisco, Visa, HP,
IBM etc)
-is a subset on an xml schema that has seen a lot of interest from MITRE and
the analysts

Remember we did the ASAC over 4 years ago ! 

Better to lead than follow ;-)

-----Original Message-----
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Daniel
Sent: Thursday, July 29, 2004 3:14 AM
To: owasp 
Subject: [OWASP-TESTING] WASC threats

Morning all,

Has anyone had time to read their latest offering?

It seems to be going the same way as the OASIS WAS project.

I wonder if they are going to start releasing a testing guide of their own?

This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise
J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
owasp-testing mailing list
owasp-testing at lists.sourceforge.net

More information about the Owasp-testing mailing list