[Owasp-topten] [Owasp-testing] [OWASP ASVS] [Owasp-guide] RFC: Commonnumbering proposal # 2

Steven M. Christey coley at linus.mitre.org
Fri Jan 8 10:52:14 EST 2010


On Fri, 8 Jan 2010, Boberski, Michael [USA] wrote:

> That's what I was thinking as well, it's a bit of advertising to somehow 
> include "OWASP" in the identifiers.

We use our project acronym in all the MITRE-led standards - CVE-2009-0012, 
OVAL12, cpe:/a:microsoft:windows-nt:2008, etc.  It's not "advertising" so 
much as carving up your own namespace.  Whatever scheme you adopt, there 
will likely be other efforts in the world that use a similar scheme, which 
makes it more time-consuming for somebody to search for your ID on the 
web, for example.

- Steve


More information about the Owasp-topten mailing list