[Owasp-testing] [Owasp-topten] [OWASP ASVS] [Owasp-guide] RFC: Commonnumbering proposal # 2
Boberski, Michael [USA]
boberski_michael at bah.com
Fri Jan 8 10:58:07 EST 2010
I agree, that's a better way to put it/to thing about it, in terms of developing a namespace. Andrew's comments are also along the lines of being more clear about project acronyms. I will take this advice when I put out a next proposal, thank you!
From: Steven M. Christey [mailto:coley at linus.mitre.org]
Sent: Friday, January 08, 2010 10:52 AM
To: Boberski, Michael [USA]
Cc: Calderon, Juan Carlos (GE, Corporate, consultant); Andrew van der Stock; owasp-guide at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-topten] [Owasp-testing] [OWASP ASVS] [Owasp-guide] RFC: Commonnumbering proposal # 2
On Fri, 8 Jan 2010, Boberski, Michael [USA] wrote:
> That's what I was thinking as well, it's a bit of advertising to
> somehow include "OWASP" in the identifiers.
We use our project acronym in all the MITRE-led standards - CVE-2009-0012, OVAL12, cpe:/a:microsoft:windows-nt:2008, etc. It's not "advertising" so much as carving up your own namespace. Whatever scheme you adopt, there will likely be other efforts in the world that use a similar scheme, which makes it more time-consuming for somebody to search for your ID on the web, for example.
More information about the Owasp-testing