[Owasp-testing] Proposed OWASP Common Requirements Numbering Scheme Format

rick.mitchell at bell.ca rick.mitchell at bell.ca
Thu May 12 08:19:39 EDT 2011

Hey I was reviewing https://www.owasp.org/index.php/Common_OWASP_Numbering#tab=OWASP_Common_Requirements_Numbering_Scheme this morning and it occurred to me that we shouldn't need the identifier in element one. If we're moving towards a common reference/number there should be no need to indicate a document code as the first element. Especially if the 4th optional element is for legacy identifiers.

Examples from the page:

Reference from the page:
    1st Element - Document code (OCR=OWASP Common Requirements Number, ODG=OWASP Development Guide, OTG=OWASP Testing Guide, OCG=OWASP Code Review Guide, others reserved)
    2nd Element - Requirement Area (major)
    3rd Element - Detailed Requirement Identifier (minor with up to one sublevel (e.g., .01, .02)
    4th Element (Optional: DEPRECATED, or # for iterations, or legacy identifiers)

Rick Mitchell 
Security Analyst, Security Testing and Incident Response Team
Bell Business Markets
Phone: 613-785-4019
Email: rick.mitchell at bell.ca

More information about the Owasp-testing mailing list