[Owasp-topten] RFC: Common numbering proposal # 3

Bil Corry bil at corry.biz
Tue Jan 12 02:31:02 EST 2010


Boberski, Michael [USA] wrote on 1/11/2010 6:14 AM: 
> Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for a next proposal, refined based on inputs provided so far.

An exercise we did with the Threat Classification numbering system was to actually use the the various proposed numbering systems in a sample document and see what they looked like when used.  It didn't take long to see that a simple numbering system worked best:

	http://projects.webappsec.org/Threat-Classification-Reference-Grid

So my suggestion would be to find some sample documents where the numbers would be used, and try plugging in a few variations and see how they read/look.


- Bil



More information about the Owasp-topten mailing list