« Microsoft Security Bulletin Summary for July 2009 | Main | Nmap 5.00 Released »

Threat Classification v2 and the need for change

As I recently posted the WASC Threat Classification v2 is currently in a public working state and there's been a buzz on the mailing lists about it compared to other related projects. Vishal Garg posed a question I was expecting for awhile which is why does the TCv2 look so much different than TCv1? I've posted a fairly lengthy reply about the challenges of creating classification systems that provides a lot of insight into this project, our challenges, and end decisions. Based on this thread I'm likely going to need to create a more in depth challenges section for those curiosity seekers.

The WASC TCv2 is currently a work in progress and can be reviewed on our working page at http://projects.webappsec.org/Threat-Classification-Working .


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!