[Owasp-topten] Common numbering proposal # 3
Boberski, Michael [USA]
boberski_michael at bah.com
Mon Jan 11 09:57:39 EST 2010
Rick, good points.
If one looks at each document/guide's instantiation of a requirement as an iteration of a given base requirement though, we'd still need a document code.
The 14-40 are in the near term intended to allow for a transition from existing numbering schemes in a next release of a given guide, then used in the long term primarily for retiring numbers.
The above said, I'm going to think through paragraph "If for client reporting etc" further...
Any other comments, keep 'em coming!
From: rick.mitchell at bell.ca [mailto:rick.mitchell at bell.ca]
Sent: Monday, January 11, 2010 9:46 AM
To: Boberski, Michael [USA]; owasp-testing at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-guide at lists.owasp.org
Subject: RE: Common numbering proposal # 3
Great work so far everyone.
Just a few thoughts:
Your fourth example: "OWASP-TG-0604-DV-005", references the Testing Guide by 0604 which doesn't exist. Is the plan to renumber the testing guide (and other docs) before creating the mapping? If mapping is no longer the end goal but rather a common numbering scheme, then a document reference shouldn't be needed at location 6-7. The numbering scheme should be totally separate from all documents and all OWASP documents should be expected to adhere to it (IMHO).
i.e.: Examples 3 and 4:
Should really be the same thing: OWASP-0604.
If for client reporting etc. some traditional or historic reference is required then this could be included at the end of the new common identifier as you've suggested on the wiki for proposal 3 (with the inclusion of the document identifier, i.e.: OWASP-0604-TGDV-005 or OWASP-0604-TG-DV-005).
Just my 2 cents.
From: owasp-testing-bounces at lists.owasp.org [mailto:owasp-testing-bounces at lists.owasp.org] On Behalf Of Boberski, Michael [USA]
Sent: January 11, 2010 9:14 AM
To: owasp-testing at lists.owasp.org; owasp-topten at lists.owasp.org; owasp-application-security-verification-standard at lists.owasp.org; owasp-guide at lists.owasp.org
Subject: [Owasp-testing] RFC: Common numbering proposal # 3
Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for a next proposal, refined based on inputs provided so far.