Re: OWASP Top Ten - taxing taxonomies

["Frank O'Dwyer" <fod () littlecatZ com>]

Evans, Arian wrote:

> [...]
>
> Here's three elements I use in distinction in my Taxonomy of 'Issues':
> Class, Category, Particular, e.g.--
>
> Class--programmatic
> Category--input validation (or output encoding)
> Particular--XSS 
>  
I know I am going to regret asking this, but what would anyone use this
for? Also what makes you think these things fit into a hierarchy at all,
never mind an objective one? There are any number of ways to categorise
these things. They have a habit of belonging in more than one category, too.

This really doesn't strike me as any more compelling than the folders
you might use to file your email or documents in. Very useful for you
maybe, but probably nobody else would find their way around it. That is
why these things always wind up up having multiple views and a 'search'
button.

Cheers,
Frank