[Owasp-testing] Proposed OWASP Common Requirements Numbering Scheme

rick.mitchell at bell.ca rick.mitchell at bell.ca
Tue Nov 15 09:55:41 EST 2011


Does anyone have any further thoughts on this? Does anyone know what's going on with the common numbering project?

Rick


----- Original message(s) -----

Today's Topics:

   1. Re: Proposed OWASP Common Requirements Numbering	Scheme
      Format (rick.mitchell at bell.ca)
   2. Re: Proposed OWASP Common Requirements Numbering Scheme
      Format (Nam Nguyen)


----------------------------------------------------------------------

Date: Thu, 12 May 2011 21:25:49 +0700
From: Nam Nguyen <namn at bluemoon.com.vn>
Subject: Re: [Owasp-testing] Proposed OWASP Common Requirements
	Numbering Scheme Format
To: owasp-testing at lists.owasp.org
Message-ID: <20110512212549.220b5200.namn at bluemoon.com.vn>
Content-Type: text/plain; charset=UTF-8

Rick,

Your argument makes a lot of senses. Yea, if it is a common numbering scheme then the document code seems redundant.

-- 
Nam Nguyen, CISA, CISSP, CSSLP
Blue Moon Consulting Co., Ltd
http://www.bluemoon.com.vn


On Thu, 12 May 2011 08:19:39 -0400
"rick.mitchell at bell.ca" <rick.mitchell at bell.ca> wrote:

> Hey I was reviewing https://www.owasp.org/index.php/Common_OWASP_Numbering#tab=OWASP_Common_Requirements_Numbering_Scheme this morning and it occurred to me that we shouldn't need the identifier in element one. If we're moving towards a common reference/number there should be no need to indicate a document code as the first element. Especially if the 4th optional element is for legacy identifiers.
> 
> Examples from the page:
> OCR-AUTHN-01
> OCR-AUTHN-02
> OCR-AUTHN-02.01
> OCR-AUTHN-03
> OCR-INPVAL-01
> OCR-INPVAL-02
> 
> Reference from the page:
>     1st Element - Document code (OCR=OWASP Common Requirements Number, ODG=OWASP Development Guide, OTG=OWASP Testing Guide, OCG=OWASP Code Review Guide, others reserved)
>     2nd Element - Requirement Area (major)
>     3rd Element - Detailed Requirement Identifier (minor with up to one sublevel (e.g., .01, .02)
>     4th Element (Optional: DEPRECATED, or # for iterations, or legacy identifiers)
> 
> 

_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing


End of Owasp-testing Digest, Vol 45, Issue 1
********************************************


More information about the Owasp-testing mailing list