[Owasp-testing] Proposed OWASP Common Requirements Numbering Scheme

Colin Watson colin.watson at owasp.org
Wed Nov 16 02:55:14 EST 2011


I will help where I can.

There is a separate mailing list at:

  https://lists.owasp.org/mailman/listinfo/owasp-common-numbering

Colin

On 15 November 2011 19:22, Eoin <eoin.keary at owasp.org> wrote:
> Myself matteo and Anwarg will take it back up.
> :)
>
>
>
>
> On 15 Nov 2011, at 19:04, "Dave Wichers" <dave.wichers at owasp.org> wrote:
>
>> Its stalled in my court.  I worked on it to get the 2 biggest sections 2,
>> received lots of great feedback from Colin Watson that I need to think hard
>> about/address and it got stuck there. I'm not sure if I have the cycles to
>> finish this and its been stuck for like 6 months.
>>
>> If someone else wants to take a crack at the next section or work with me to
>> address Colin's comments and then work on the next section I'd probably be
>> able to help with guidance and review but I won't have the cycles for a
>> while to pick this up again.
>>
>> -Dave
>>
>> -----Original Message-----
>> From: rick.mitchell at bell.ca [mailto:rick.mitchell at bell.ca]
>> Sent: Tuesday, November 15, 2011 9:56 AM
>> To: owasp-testing at lists.owasp.org; dave.wichers at owasp.org
>> Subject: RE: Proposed OWASP Common Requirements Numbering Scheme
>>
>> Does anyone have any further thoughts on this? Does anyone know what's going
>> on with the common numbering project?
>>
>> Rick
>>
>>
>> ----- Original message(s) -----
>>
>> Today's Topics:
>>
>>   1. Re: Proposed OWASP Common Requirements Numbering    Scheme
>>      Format (rick.mitchell at bell.ca)
>>   2. Re: Proposed OWASP Common Requirements Numbering Scheme
>>      Format (Nam Nguyen)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Date: Thu, 12 May 2011 21:25:49 +0700
>> From: Nam Nguyen <namn at bluemoon.com.vn>
>> Subject: Re: [Owasp-testing] Proposed OWASP Common Requirements
>>    Numbering Scheme Format
>> To: owasp-testing at lists.owasp.org
>> Message-ID: <20110512212549.220b5200.namn at bluemoon.com.vn>
>> Content-Type: text/plain; charset=UTF-8
>>
>> Rick,
>>
>> Your argument makes a lot of senses. Yea, if it is a common numbering scheme
>> then the document code seems redundant.
>>
>> --
>> Nam Nguyen, CISA, CISSP, CSSLP
>> Blue Moon Consulting Co., Ltd
>> http://www.bluemoon.com.vn
>>
>>
>> On Thu, 12 May 2011 08:19:39 -0400
>> "rick.mitchell at bell.ca" <rick.mitchell at bell.ca> wrote:
>>
>>> Hey I was reviewing
>> https://www.owasp.org/index.php/Common_OWASP_Numbering#tab=OWASP_Common_Requ
>> irements_Numbering_Scheme this morning and it occurred to me that we
>> shouldn't need the identifier in element one. If we're moving towards a
>> common reference/number there should be no need to indicate a document code
>> as the first element. Especially if the 4th optional element is for legacy
>> identifiers.
>>>
>>> Examples from the page:
>>> OCR-AUTHN-01
>>> OCR-AUTHN-02
>>> OCR-AUTHN-02.01
>>> OCR-AUTHN-03
>>> OCR-INPVAL-01
>>> OCR-INPVAL-02
>>>
>>> Reference from the page:
>>>    1st Element - Document code (OCR=OWASP Common Requirements Number,
>> ODG=OWASP Development Guide, OTG=OWASP Testing Guide, OCG=OWASP Code Review
>> Guide, others reserved)
>>>    2nd Element - Requirement Area (major)
>>>    3rd Element - Detailed Requirement Identifier (minor with up to one
>> sublevel (e.g., .01, .02)
>>>    4th Element (Optional: DEPRECATED, or # for iterations, or legacy
>> identifiers)
>>>
>>>
>>
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
>>
>>
>> End of Owasp-testing Digest, Vol 45, Issue 1
>> ********************************************
>>
>> _______________________________________________
>> Owasp-testing mailing list
>> Owasp-testing at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-testing
> _______________________________________________
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-testing
>


More information about the Owasp-testing mailing list