[Owasp-testing] [Owasp-topten] RFC: Common numbering proposal # 3

rick.mitchell at bell.ca
Sat Jan 23 11:55:35 EST 2010


I guess it's not a majorly big deal until it's finalized, but, I also think it's a huge step in a good direction for the OWASP projects so it's kind of important.

Rick

________________________________
From: Mike Boberski [mailto:mike.boberski at gmail.com]
Sent: January 23, 2010 11:44 AM
To: Brad Causey
Cc: Mitchell, Rick (6030318); owasp-guide at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-topten at lists.owasp.org; global-projects-committee at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-topten] [Owasp-testing] RFC: Common numbering proposal # 3

Perhaps Lorna can sneak something in when the corrected edition is published with the complete list of organizational supporters.

The numbering scheme is set, the top of the page is correct, the further examples using the new mappings below it do not need to be completed (I've zeroed them out and put a placeholder instruction) in order to write about it, if desired. I will create and post a project presentation either this weekend or early next week, to keep things moving.

Lorna, if you could do us a solid on this, please email me directly, I'll provide a paragraph that you can use at least as a starting point, maybe a very simple call out box titled "Did you know?" or "Late-Breaking News" or something.

Best,

Mike


On Sat, Jan 23, 2010 at 10:52 AM, Brad Causey <bradcausey at gmail.com> wrote:
Rick, that is probably my fault. I got confused and scattered the wiki all up. Mike is waiting on me to go back and fix it, but as usual, life gets in the way sometimes.
It is on my TODO list.


-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
In security, an action that is not explicitly denied is inherently allowed.
--



On Sat, Jan 23, 2010 at 9:22 AM, <rick.mitchell at bell.ca> wrote:
Our Common Numbering initiative didn't make the Q1 Newsletter :(
Rick

-----Original Message-----
From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Brad Causey
Sent: January 13, 2010 5:27 PM
To: GPC
Cc: owasp-guide at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-testing] [Owasp-topten] RFC: Common numbering proposal # 3

And here is an example:

http://www.owasp.org/index.php/Common_OWASP_Numbering

I did this in a bubble, i.e., without anyone to bounce it off of.

Feedback requested....


-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
Never underestimate the time, expense, and effort an opponent will expend to break a code. (Robert Morris)
--



On Tue, Jan 12, 2010 at 1:11 PM, Boberski, Michael [USA] <boberski_michael at bah.com> wrote:
> Here, you can kick the tires on this, expanding and collapsing the TOC tree control:
>
> http://code.google.com/p/owasp-development-guide/wiki/Introduction?tm=6
>
> Any other comments, keep 'em coming!
>
> Best,
>
> Mike B.
>
> -----Original Message-----
> From: Mike Boberski [mailto:mike.boberski at gmail.com]
> Sent: Tuesday, January 12, 2010 8:22 AM
> To: Bil Corry; Boberski, Michael [USA]; owasp-topten at lists.owasp.org
> Subject: Re: [Owasp-topten] RFC: Common numbering proposal # 3
>
> You got it, stay tuned
>
> On 1/12/10, Bil Corry <bil at corry.biz> wrote:
>> Boberski, Michael [USA] wrote on 1/11/2010 6:14 AM:
>>> Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for
>>> a next proposal, refined based on inputs provided so far.
>>
>> An exercise we did with the Threat Classification numbering system
>> was to actually use the various proposed numbering systems in a
>> sample document and see what they looked like when used.  It didn't
>> take long to see that a simple numbering system worked best:
>>
>>
>> http://projects.webappsec.org/Threat-Classification-Reference-Grid
>>
>> So my suggestion would be to find some sample documents where the
>> numbers would be used, and try plugging in a few variations and see
>> how they read/look.
>>
>>
>> - Bil
>>
>> _______________________________________________
>> Owasp-topten mailing list
>> Owasp-topten at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-topten
>>
>
>
> --
> Mike
_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing

