[Owasp-testing] Common numbering proposal # 3

rick.mitchell at bell.ca rick.mitchell at bell.ca
Mon Jan 11 09:45:53 EST 2010

Great work so far everyone.

Just a few thoughts:

Your forth example: "OWASP-TG-0604-DV-005", references the Testing Guide by 0604 which doesn't exist. Is the plan to renumber the testing guide (and other docs) before creating the mapping? If mapping is no longer the end goal but rather a common numbering scheme, then a document reference shouldn't be needed at location 6-7. The numbering scheme should be totally separate from all documents and all OWASP documents should be expected to adhere to it (IMHO).

i.e.: Examples 3 and 4:
Should really be the same thing: OWASP-0604.

If for client reporting etc. some traditional or historic reference is required then this could be included at the end of the new common identifier as you've suggested on the wiki for proposal 3 (with the inclusion of the document identifier, i.e.: OWASP-0604-TGDV-005 or OWASP-0604-TG-DV-005).

Just my 2 cents.


From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Boberski, Michael [USA]
Sent: January 11, 2010 9:14 AM
To: owasp-testing at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-guide at lists.owasp.org
Subject: [Owasp-testing] RFC: Common numbering proposal # 3

Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for a next proposal, refined based on inputs provided so far.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20100111/94beb454/attachment.html 

More information about the Owasp-testing mailing list