Open kingthorin opened 2 years ago
We are preparing a universal ID that can be generated and used by any OWASP/projects, standards, tools etc: 'Open Security Information Base' (OSIB). E.g. current draft for the OSIB-ID for Top10/A01:2021 is "osib.owasp.top10.202110.1" (=osib.2.10.202110.1 as numbers) in a YAML structure (as names and as number-based ID-list). I'm developing a macro using an OSIB YAML file to manage all document and version links in one file centrally. We plan to use OSIB as an intermediate to link between parents/children internally in a document, to link between different versions, and to other OWASP projects, and external references (e.g. CWE). The aim is to reduce or even avoid duplicate work for managing versions of links. Everyone can profit from links that another project has compiled :-). Finally we are going to offer machine-readable content of the OWASP Top 10 using further attributes of this OSIB tree, later.
Actually, for the version number I suggest one number including the major version/year and 2 digits of the minor version number (Top10: 202110 = 2021/v1.0, ASVS: 402 = v4.0.2). This makes it easier to provide a token-based ID-path and number-based equal paths (aliases). The OSIB structure can be used for the Common Requirement Enumeration (CRE) Project, too.
I am happy to discuss this with you, if you like. Cheers Torsten
see also #526
Thanks, that sounds like it’ll cover it.
:smile:
Similar to what's been done for ASVS and WSTG: