Talk:OWASP Common Numbering Project

Is document code really needed?
This was discussed without much feedback on the testing mailing list so I thought I'd bring it up on the wiki discussion as well: https://lists.owasp.org/pipermail/owasp-testing/2011-May/001915.html

I was reviewing https://www.owasp.org/index.php/Common_OWASP_Numbering#tab=OWASP_Common_Requirements_Numbering_Scheme this morning and it occurred to me that we shouldn't need the identifier in element one. If we're moving towards a common reference/number there should be no need to indicate a document code as the first element. Especially if the 4th optional element is for legacy identifiers.

Examples from the page: OCR-AUTHN-01 OCR-AUTHN-02 OCR-AUTHN-02.01 OCR-AUTHN-03 OCR-INPVAL-01 OCR-INPVAL-02

Reference from the page: 1st Element - Document code (OCR=OWASP Common Requirements Number, ODG=OWASP Development Guide, OTG=OWASP Testing Guide, OCG=OWASP Code Review Guide, others reserved) 2nd Element - Requirement Area (major) 3rd Element - Detailed Requirement Identifier (minor with up to one sublevel (e.g., .01, .02)   4th Element (Optional: DEPRECATED, or # for iterations, or legacy identifiers)

Rick.mitchell 08:51, 25 May 2011 (EDT)