WebApp Sec mailing list archives

OASIS WAS Classification Scheme


From: "Mark Curphey" <mark () curphey com>
Date: Fri, 19 Mar 2004 18:36:31 -0500

We are holding a face-to-face meeting of the OASIS WAS Technical Committee
next week to (among other things) try to close out the final version of the
WAS Classification scheme. As you know, OASIS is an official standards body
so this will be able to serve as a useful cornerstone for discussing and
documenting web security issues. 

There are already quite a few people (especially financial services) lined
up to use it in services and documentation in ways such as metrics and
measurement programs and web application pen test reporting.

The intent is to publish this and the supporting "Risk Ranking Scheme"
(probably based on a grad score 1-100) before the end of April. If anyone is
interested in helping review and proofread that documentation, please drop me
an email.

Mark

