[Owasp-testing] Proposed OWASP Common Requirements Numbering Scheme

Dave Wichers dave.wichers at owasp.org
Tue Nov 15 14:04:21 EST 2011


Its stalled in my court.  I worked on it to get the 2 biggest sections 2,
received lots of great feedback from Colin Watson that I need to think hard
about/address and it got stuck there. I'm not sure if I have the cycles to
finish this and its been stuck for like 6 months.

If someone else wants to take a crack at the next section or work with me to
address Colin's comments and then work on the next section I'd probably be
able to help with guidance and review but I won't have the cycles for a
while to pick this up again.

-Dave

-----Original Message-----
From: rick.mitchell at bell.ca [mailto:rick.mitchell at bell.ca] 
Sent: Tuesday, November 15, 2011 9:56 AM
To: owasp-testing at lists.owasp.org; dave.wichers at owasp.org
Subject: RE: Proposed OWASP Common Requirements Numbering Scheme

Does anyone have any further thoughts on this? Does anyone know what's going
on with the common numbering project?

Rick


----- Original message(s) -----

Today's Topics:

   1. Re: Proposed OWASP Common Requirements Numbering	Scheme
      Format (rick.mitchell at bell.ca)
   2. Re: Proposed OWASP Common Requirements Numbering Scheme
      Format (Nam Nguyen)


----------------------------------------------------------------------

Date: Thu, 12 May 2011 21:25:49 +0700
From: Nam Nguyen <namn at bluemoon.com.vn>
Subject: Re: [Owasp-testing] Proposed OWASP Common Requirements
	Numbering Scheme Format
To: owasp-testing at lists.owasp.org
Message-ID: <20110512212549.220b5200.namn at bluemoon.com.vn>
Content-Type: text/plain; charset=UTF-8

Rick,

Your argument makes a lot of senses. Yea, if it is a common numbering scheme
then the document code seems redundant.

-- 
Nam Nguyen, CISA, CISSP, CSSLP
Blue Moon Consulting Co., Ltd
http://www.bluemoon.com.vn


On Thu, 12 May 2011 08:19:39 -0400
"rick.mitchell at bell.ca" <rick.mitchell at bell.ca> wrote:

> Hey I was reviewing
https://www.owasp.org/index.php/Common_OWASP_Numbering#tab=OWASP_Common_Requ
irements_Numbering_Scheme this morning and it occurred to me that we
shouldn't need the identifier in element one. If we're moving towards a
common reference/number there should be no need to indicate a document code
as the first element. Especially if the 4th optional element is for legacy
identifiers.
> 
> Examples from the page:
> OCR-AUTHN-01
> OCR-AUTHN-02
> OCR-AUTHN-02.01
> OCR-AUTHN-03
> OCR-INPVAL-01
> OCR-INPVAL-02
> 
> Reference from the page:
>     1st Element - Document code (OCR=OWASP Common Requirements Number,
ODG=OWASP Development Guide, OTG=OWASP Testing Guide, OCG=OWASP Code Review
Guide, others reserved)
>     2nd Element - Requirement Area (major)
>     3rd Element - Detailed Requirement Identifier (minor with up to one
sublevel (e.g., .01, .02)
>     4th Element (Optional: DEPRECATED, or # for iterations, or legacy
identifiers)
> 
> 

_______________________________________________
Owasp-testing mailing list
Owasp-testing at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-testing


End of Owasp-testing Digest, Vol 45, Issue 1
********************************************



More information about the Owasp-testing mailing list