[Owasp-topten] [Owasp-testing] [OWASP ASVS] [Owasp-guide] RFC: Common numbering proposal # 2

Boberski, Michael [USA] boberski_michael at bah.com
Fri Jan 8 10:58:07 EST 2010

I agree, that's a better way to put it/to think about it, in terms of developing a namespace. Andrew's comments are also along the lines of being more clear about project acronyms. I will take this advice when I put out a next proposal, thank you!
Mike B.

-----Original Message-----
From: Steven M. Christey [mailto:coley at linus.mitre.org] 
Sent: Friday, January 08, 2010 10:52 AM
To: Boberski, Michael [USA]
Cc: Calderon, Juan Carlos (GE, Corporate, consultant); Andrew van der Stock; owasp-guide at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-testing at lists.owasp.org
Subject: Re: [Owasp-topten] [Owasp-testing] [OWASP ASVS] [Owasp-guide] RFC: Common numbering proposal # 2

On Fri, 8 Jan 2010, Boberski, Michael [USA] wrote:

> That's what I was thinking as well, it's a bit of advertising to 
> somehow include "OWASP" in the identifiers.

We use our project acronym in all the MITRE-led standards - CVE-2009-0012, OVAL12, cpe:/a:microsoft:windows-nt:2008, etc.  It's not "advertising" so much as carving up your own namespace.  Whatever scheme you adopt, there will likely be other efforts in the world that use a similar scheme, which makes it more time-consuming for somebody to search for your ID on the web, for example.

- Steve
