[Owasp-testing] [Owasp-topten] RFC: Common numbering proposal # 3

rick.mitchell at bell.ca rick.mitchell at bell.ca
Sat Jan 23 10:22:09 EST 2010


Our Common Numbering initiative didn't make the Q1 Newsletter :(
Rick

-----Original Message-----
From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Brad Causey
Sent: January 13, 2010 5:27 PM
To: GPC
Cc: owasp-guide at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] [Owasp-topten] RFC: Common numbering proposal # 3

And here is an example:

http://www.owasp.org/index.php/Common_OWASP_Numbering

I did this in a bubble, i.e., without anyone to bounce it off of.

Feedback requested....


-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
Never underestimate the time, expense, and effort an opponent will expend to break a code. (Robert Morris)
--



On Tue, Jan 12, 2010 at 1:11 PM, Boberski, Michael [USA] <boberski_michael at bah.com> wrote:
> Here, you can kick the tires on this, expanding and collapsing the TOC tree control:
>
> http://code.google.com/p/owasp-development-guide/wiki/Introduction?tm=6
>
> Any other comments, keep 'em coming!
>
> Best,
>
> Mike B.
>
> -----Original Message-----
> From: Mike Boberski [mailto:mike.boberski at gmail.com]
> Sent: Tuesday, January 12, 2010 8:22 AM
> To: Bil Corry; Boberski, Michael [USA]; owasp-topten at lists.owasp.org
> Subject: Re: [Owasp-topten] RFC: Common numbering proposal # 3
>
> You got it, stay tuned
>
> On 1/12/10, Bil Corry <bil at corry.biz> wrote:
>> Boberski, Michael [USA] wrote on 1/11/2010 6:14 AM:
>>> Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for 
>>> a next proposal, refined based on inputs provided so far.
>>
>> An exercise we did with the Threat Classification numbering system 
>> was to actually use the various proposed numbering systems in a 
>> sample document and see what they looked like when used.  It didn't 
>> take long to see that a simple numbering system worked best:
>>
>>       
>> http://projects.webappsec.org/Threat-Classification-Reference-Grid
>>
>> So my suggestion would be to find some sample documents where the 
>> numbers would be used, and try plugging in a few variations and see 
>> how they read/look.
>>
>>
>> - Bil
>>
>> _______________________________________________
>> Owasp-topten mailing list
>> Owasp-topten at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-topten
>>
>
>
> --
> Mike
>
_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing

