[OWASP-TESTING] WASC threats
mark at curphey.com
Thu Jul 29 08:13:59 EDT 2004
OASIS WAS is
-at an official standards body (not a vendor consortium)
-is being early adopted by several major banks (inc Fidelity) as a risk
management classification scheme
-provides a risk ranking model
-includes (and will include further) classification about code level issues
with the input of people like Fortify and Ounce)
-and was TRULY derived with industry input (WAS TC inlcudes Cisco, Visa, HP,
-is a subset on an xml schema that has seen a lot of interest from MITRE and
Remember we did the ASAC over 4 years ago !
Better to lead than follow ;-)
From: owasp-testing-admin at lists.sourceforge.net
[mailto:owasp-testing-admin at lists.sourceforge.net] On Behalf Of Daniel
Sent: Thursday, July 29, 2004 3:14 AM
Subject: [OWASP-TESTING] WASC threats
Has anyone had time to read their latest offering?
It seems to be going the same way as the OASIS WAS project.
I wonder if they are going to start releasing a testing guide of their own?
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise
J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
owasp-testing mailing list
owasp-testing at lists.sourceforge.net
More information about the Owasp-testing