[Owasp_periodic_table] My comments to the Periodic Table Survey

David Fern dfern at verizon.net
Sat Sep 7 23:20:32 UTC 2013


 
From looking at the OWASP Periodic Table Survey, here are my comments:
 
There was a lot of good feedback.
 
This sounds like a tough bunch with differing views from
the comments.
 
Overall the idea seems to be a good one and on the
right track with some minor enhancements. This could be the tricky part as
there seems to be a variety of conflicting ideas. Additionally, there does not
appear to be much invalid information and some would like to see a bit more information
while others see it as already data overload with many unknown abbreviations. 
 
Possibly we can think of a one liner that sums up the
project such as:
 
“The chemical periodic table displays and arranges all the elements in the world by order of atomic number. The OWASP Periodic Table displays, groups and arranges the root security vulnerabilities and weaknesses by severity.”
 
We should be good to move forward by beefing up our solutions and adding a few more details, adding the few missing suggestions, and seeing if there is a better way to make the data-rich chart easier to navigate, possibly with color or symbols.
 
Impression of each question's responses:
 
1) Good cross section of industry representation with higher representation in banking, E-Commerce, Testing and Web Application Framework.
2) Roles were mainly Pen Testers and Web Application Developers, which is good
3) How did you hear of the project? – Multiple methods
4) The Project Goal may need to be better communicated
5) Will the approach succeed – Possibly if we can enhance communication of the goals we can do better here.
6) Tried Before? – Sounds like a novel idea.
7) Any other approaches likely to succeed – It looks like this is the right path.
8) Are the five solutions the correct approach – It looks like they are
9) Does the periodic Table convey the idea? – It looks like we may need to think of some enhancements to improve the table.
10) Document detail – It looks like we need to add more detail
11) Compact view legibility – It seems that we may want to look for enhancements.
12) Is the periodic view good for teaching – It sounds good
13) Does the document contain errors – It sounds like at a high level it is good
14) 3 Reasons you like the compact view - Lots of good Feedback – I think they like the format since it is concise
15) 3 Reasons you dislike the compact view – It sounds like some do not like the data richness and the abbreviations may not be globally known
16) How can we improve the table? – Many ideas, 2 asked for color coding.
17) The working view has a lot of data – It looks like they could review less than half.
18) Quickly find a vulnerability – We may need to try to enhance this.
19) Two Letter Symbols – They like the abbreviations
20) Solution Summary – We may need to add more detail
21) Remediation Solutions – These have been divided correctly
22) Missing vulnerabilities, weaknesses, or attacks missing – 1 third say yes we may need to figure out what is missing.
23) X
24) Solution Detail Template – We may want to consider what may be missing.
25) Solution Detail Correct? – It sounds like it is mostly correct.
26) Solution Recommendation Controversial? – It sounds like we got most of the controversial items.
27) Documentation complete – We may need some small revisions
28) X
29) Credited with Signatory – Not many want to agree with the strategy

Thanks,
David
 


________________________________
 From: "owasp_periodic_table_of_vulnerabilities-request at lists.owasp.org" <owasp_periodic_table_of_vulnerabilities-request at lists.owasp.org>
To: owasp_periodic_table_of_vulnerabilities at lists.owasp.org 
Sent: Thursday, September 5, 2013 4:44 PM
Subject: Owasp_periodic_table_of_vulnerabilities Digest, Vol 6, Issue 1
 


----------------------------------------------------------------------

Message: 1
Date: Thu, 5 Sep 2013 13:43:27 -0700
From: James Landis <james.landis at owasp.org>
To: OWASP PT of Vulns
    <owasp_periodic_table_of_vulnerabilities at lists.owasp.org>
Subject: [Owasp_periodic_table] Survey Results!
Message-ID:
    <CAH7LZFMk5F=BB7VVQ-WpuOXqkHFdiidkpCLTFYyz=25xMh9GwQ at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hello project team!

The survey results are back. We didn't get quite as many responses as I
would have liked, but it should be enough for us to identify some key areas
to focus on for the last rounds of editing prior to OWASP USA.

Please take a look and reply with any comments you have about the feedback.

I also got some really great info from Brad Hill about the current
standards work as it applies to this project. Once I've made sure it
contains nothing proprietary, I'll share that here as well.

This month we'll be putting together a list of final changes based on the
combined survey and feedback results and signing people up to complete
those. I look forward to your help on this final push for the 1.0 release!

Thanks,
-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Periodic Table Survey Results.zip
Type: application/zip
Size: 56761 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp_periodic_table_of_vulnerabilities/attachments/20130905/9dbceafd/attachment.zip>

------------------------------

_______________________________________________
Owasp_periodic_table_of_vulnerabilities mailing list
Owasp_periodic_table_of_vulnerabilities at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp_periodic_table_of_vulnerabilities

