[Owasp-testing] Proposed OWASP Common Requirements Numbering Scheme

Eoin eoin.keary at owasp.org
Tue Nov 15 14:22:17 EST 2011


Myself matteo and Anwarg will take it back up.
:)


 

On 15 Nov 2011, at 19:04, "Dave Wichers" <dave.wichers at owasp.org> wrote:

> Its stalled in my court.  I worked on it to get the 2 biggest sections 2,
> received lots of great feedback from Colin Watson that I need to think hard
> about/address and it got stuck there. I'm not sure if I have the cycles to
> finish this and its been stuck for like 6 months.
> 
> If someone else wants to take a crack at the next section or work with me to
> address Colin's comments and then work on the next section I'd probably be
> able to help with guidance and review but I won't have the cycles for a
> while to pick this up again.
> 
> -Dave
> 
> -----Original Message-----
> From: rick.mitchell at bell.ca [mailto:rick.mitchell at bell.ca] 
> Sent: Tuesday, November 15, 2011 9:56 AM
> To: owasp-testing at lists.owasp.org; dave.wichers at owasp.org
> Subject: RE: Proposed OWASP Common Requirements Numbering Scheme
> 
> Does anyone have any further thoughts on this? Does anyone know what's going
> on with the common numbering project?
> 
> Rick
> 
> 
> ----- Original message(s) -----
> 
> Today's Topics:
> 
>   1. Re: Proposed OWASP Common Requirements Numbering    Scheme
>      Format (rick.mitchell at bell.ca)
>   2. Re: Proposed OWASP Common Requirements Numbering Scheme
>      Format (Nam Nguyen)
> 
> 
> ----------------------------------------------------------------------
> 
> Date: Thu, 12 May 2011 21:25:49 +0700
> From: Nam Nguyen <namn at bluemoon.com.vn>
> Subject: Re: [Owasp-testing] Proposed OWASP Common Requirements
>    Numbering Scheme Format
> To: owasp-testing at lists.owasp.org
> Message-ID: <20110512212549.220b5200.namn at bluemoon.com.vn>
> Content-Type: text/plain; charset=UTF-8
> 
> Rick,
> 
> Your argument makes a lot of senses. Yea, if it is a common numbering scheme
> then the document code seems redundant.
> 
> -- 
> Nam Nguyen, CISA, CISSP, CSSLP
> Blue Moon Consulting Co., Ltd
> http://www.bluemoon.com.vn
> 
> 
> On Thu, 12 May 2011 08:19:39 -0400
> "rick.mitchell at bell.ca" <rick.mitchell at bell.ca> wrote:
> 
>> Hey I was reviewing
> https://www.owasp.org/index.php/Common_OWASP_Numbering#tab=OWASP_Common_Requ
> irements_Numbering_Scheme this morning and it occurred to me that we
> shouldn't need the identifier in element one. If we're moving towards a
> common reference/number there should be no need to indicate a document code
> as the first element. Especially if the 4th optional element is for legacy
> identifiers.
>> 
>> Examples from the page:
>> OCR-AUTHN-01
>> OCR-AUTHN-02
>> OCR-AUTHN-02.01
>> OCR-AUTHN-03
>> OCR-INPVAL-01
>> OCR-INPVAL-02
>> 
>> Reference from the page:
>>    1st Element - Document code (OCR=OWASP Common Requirements Number,
> ODG=OWASP Development Guide, OTG=OWASP Testing Guide, OCG=OWASP Code Review
> Guide, others reserved)
>>    2nd Element - Requirement Area (major)
>>    3rd Element - Detailed Requirement Identifier (minor with up to one
> sublevel (e.g., .01, .02)
>>    4th Element (Optional: DEPRECATED, or # for iterations, or legacy
> identifiers)
>> 
>> 
> 
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
> 
> 
> End of Owasp-testing Digest, Vol 45, Issue 1
> ********************************************
> 
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing


More information about the Owasp-testing mailing list