[Owasp-topten] RFC: Common numbering proposal # 3

Brad Causey bradcausey at gmail.com
Tue Jan 12 13:43:04 EST 2010


Mike and others,

the latest convention up on the wiki is definitely a great one. I'm
in. How can I help?

-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
Never underestimate the time, expense, and effort an opponent will
expend to break a code. (Robert Morris)
--



On Tue, Jan 12, 2010 at 7:22 AM, Mike Boberski <mike.boberski at gmail.com> wrote:
> You got it, stay tuned
>
> On 1/12/10, Bil Corry <bil at corry.biz> wrote:
>> Boberski, Michael [USA] wrote on 1/11/2010 6:14 AM:
>>> Please see http://www.owasp.org/index.php/Common_OWASP_Numbering for a
>>> next proposal, refined based on inputs provided so far.
>>
>> An exercise we did with the Threat Classification numbering system was to
>> actually use the the various proposed numbering systems in a sample document
>> and see what they looked like when used.  It didn't take long to see that a
>> simple numbering system worked best:
>>
>>       http://projects.webappsec.org/Threat-Classification-Reference-Grid
>>
>> So my suggestion would be to find some sample documents where the numbers
>> would be used, and try plugging in a few variations and see how they
>> read/look.
>>
>>
>> - Bil
>>
>> _______________________________________________
>> Owasp-topten mailing list
>> Owasp-topten at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-topten
>>
>
>
> --
> Mike
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-topten
>


More information about the Owasp-topten mailing list