WebApp Sec mailing list archives
RE: OASIS WAS Classification Scheme
From: Larry Guger <LarryGuger () shaw ca>
Date: Fri, 19 Mar 2004 20:05:44 -0600
Mark, I have been lurking for quite some time trying to decide how best I can help out with OWASP. I would be happy to be a reviewer/proof-reader for the specifications. Larry Guger larryguger at shaw dot ca
We are holding a face to face meeting of the OASIS WAS Technical Committee next week to (among other things) try to close out the final version of
the
WAS Classification scheme. As you know OASIS is an official standards body so this will be able to serve as a useful cornerstone for discussing and documenting web security issues.
There are already quite a few people (especially financial services) lined up to use it in services and documentation in ways such as metrics and measurement programs and web application pen test reporting.
The intent is to publish this and the supporting "Risk Ranking Scheme" (probably based on a grad score 1-100) before the end of April. If anyone
is
interested in helping review and proof red that documentation please drop
me
an email.
Mark
Current thread:
- OASIS WAS Classification Scheme Mark Curphey (Mar 19)
- <Possible follow-ups>
- RE: OASIS WAS Classification Scheme Larry Guger (Mar 19)