A newly formed OASIS Web Application Security Technical Committee will attempt to unite industry consensus and provide standards for classifying and responding to web security vulnerabilities. The specifications are designed to benefit both vendors and users.

The TC will leverage and extend the work of the Open Web Application Security (OWASP) VulnXML project that has been established for over a year. The existing VulnXML work is being contributed to OASIS as part of the new TC proposal. According to the proposed charter, the WAS-XML technical committee will produce: (1) a classification scheme for web security vulnerabilities; (2) a model to provide guidance for initial threat, impact and therefore risk ratings; (3) an XML schema to describe web security conditions that can be used by both assessment and protection tools. The TC Chair is Mark Curphey. The first meeting of the technical committee will be held as a conference call on July 03, 2003.

[ Read more ]

Related items

• News: OASIS ponders PKI security for Web services (8 January 2003)
• News: Web Services Security: Moving up the stack (6 January 2003)
• News: Security standard gains OASIS approval (7 November 2002)
• Article: News from the RSA Security press conference (8 October 2002)
• News: OASIS fuels security agenda (2 September 2002)