[Owasp-testing] Progress/status of v4?

rick.mitchell at bell.ca rick.mitchell at bell.ca
Tue Apr 12 08:53:06 EDT 2011


Is there an official plan yet for production of v4? Will all the v3 content be copied to a new heading/section of the wiki for editing and addition of new content similar to what we did for v3? 
Also does anyone know what's going on with Common Numbering or Common Requirements? Are we waiting for this to be fleshed out before starting v4 development? I see that a draft has been put up that covers AUTH which is broken into 31 sub-sections, which seems extreme given that the entire TGv3 only has 66 subsections. In the "Roadmap" presentation which is up for v4 there are only about 20 sub-sections listed under Authentication & Authorization. None of this is a bad thing by any means it just kind of suggests that TGv4 is going to be significantly longer than v3. 

https://www.owasp.org/index.php/Common_OWASP_Numbering
The "OWASP Common Requirements Numbering Scheme" tab seems to have authentication as AUTHN while the "DRAFT" tab seems to have it as AUTH, I know it's early but we'll have to ensure we're consistent. Is the testing guide to be the first document to leverage the common requirements scheme? Or are there plans to try to align multiple documents at the same time? (Dev guide, etc) Is there any plan to address additions to or changes to the Common Requirements line-up between official releases of OWASP docs? i.e.: We prepare the TG and it covers anything but then later when preparing an update of the Dev Guide that team notices that we've missed something in the Common Requirements line-up. Will additions to Common Requirements simply result in new headings being added all docs that depend on it with a "To Be Completed" placeholder for content?

--------------------------------
Rick Mitchell 
Security Analyst, Security Testing and Incident Response Team
Bell Business Markets
Phone: 613-785-4019
Email: rick.mitchell at bell.ca
  




More information about the Owasp-testing mailing list