RE: OASIS WAS Classification Scheme

[Larry Guger <LarryGuger () shaw ca>]

Mark,

I have been lurking for quite some time trying to decide how best I can help
out with OWASP.  I would be happy to be a reviewer/proof-reader for the
specifications.

Larry Guger
larryguger at shaw dot ca


> We are holding a face to face meeting of the OASIS WAS Technical Committee
> next week to (among other things) try to close out the final version of
the
> WAS Classification scheme. As you know OASIS is an official standards body
> so this will be able to serve as a useful cornerstone for discussing and
> documenting web security issues.

> There are already quite a few people (especially financial services) lined
> up to use it in services and documentation in ways such as metrics and
> measurement programs and web application pen test reporting.

> The intent is to publish this and the supporting "Risk Ranking Scheme"
> (probably based on a grad score 1-100) before the end of April. If anyone
is
> interested in helping review and proof red that documentation please drop
me
> an email.

> Mark