[Owasp-testing] [OWASP ASVS] [Owasp-guide] RFC: Commonnumbering proposal # 2

Calderon, Juan Carlos (GE, Corporate, consultant) juan.calderon at ge.com
Fri Jan 8 10:00:31 EST 2010


Maybe shortening OWASP to OCN = OWASP Common Nomenclature, will make
them even more manageable. Yet having the whole name of OWASP might be
desirable
 
Regards,
-JC

________________________________

From: owasp-testing-bounces at lists.owasp.org
[mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Boberski,
Michael [USA]
Sent: Viernes, 08 de Enero de 2010 07:32 a.m.
To: Andrew van der Stock
Cc: owasp-guide at lists.owasp.org;
owasp-application-security-verification-standard at lists.owasp.org;
owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] [OWASP ASVS] [Owasp-guide] RFC:
Commonnumbering proposal # 2


Andrew, brilliant. I will update based on your comments/guidance. Thank
you!
 
Mike B.
 

________________________________

From:
owasp-application-security-verification-standard-bounces at lists.owasp.org
[mailto:owasp-application-security-verification-standard-bounces at lists.o
wasp.org] On Behalf Of Andrew van der Stock
Sent: Friday, January 08, 2010 5:14 AM
To: mike.boberski at gmail.com
Cc: owasp-guide at lists.owasp.org;
owasp-application-security-verification-standard at lists.owasp.org;
owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [OWASP ASVS] [Owasp-guide] RFC: Common numbering proposal #
2


Mike 

I like a unique, and shared identifier within all of OWASP. It might
even allow us to get the Honeycomb and other materials integrated in
finally!


My main concern is the length. 

OWASP-WEBAPP will be the primary prefix for 99% of the materials we have
today. Thus everything will start with that. 

I'd like for the WEBAPP to drop away, and become:

OWASP-CG-2009-C0604
OWASP-TC-2009-T0604
OWASP-AV-2009-V0604
OWASP-DG-2009-D0604
OWASP-TX-2010-A01

We don't need to encode values into these as they're for
cross-referencing, not stating a fact. 

There are several segments relevant to OWASP's interests I think we need
to reserve now. Some of these we have material today, and some we don't
(but should).

Architecture and Design (AR)
Education (ED)
Risk Management (RM)
Operational Risk (OR)

There will be others as we think about the SDLC in fill in the gaps. 

thanks,
Andrew

On 08/01/2010, at 12:57 PM, Mike Boberski wrote:


	Please see http://www.owasp.org/index.php/Common_OWASP_Numbering
for a next proposal, refined based on inputs provided so far.
	
	Best,
	
	Mike
	_______________________________________________
	Owasp-guide mailing list
	Owasp-guide at lists.owasp.org
	https://lists.owasp.org/mailman/listinfo/owasp-guide
	


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20100108/75cb7ccf/attachment.html 


More information about the Owasp-testing mailing list