A new committee at the Organization for the Advancement of Structured Information Standards (OASIS) is laying the groundwork for a new classification system to describe Web security vulnerabilities. The OASIS Web Application Security (WAS) Technical Committee will be responsible for . . .
A new committee at the Organization for the Advancement of Structured Information Standards (OASIS) is laying the groundwork for a new classification system to describe Web security vulnerabilities. The OASIS Web Application Security (WAS) Technical Committee will be responsible for developing an XML (Extensible Markup Language) schema that describes Web security conditions and provides guidelines for classifying and rating the risk level of application vulnerabilities, according to a statement released by OASIS on Wednesday.

The new committee is made up of representatives from a number of companies in the security space including Netcontinuum, Qualys, Sanctum and SPI Dynamics. Once defined and adopted, the WAS vulnerability descriptions would replace a system in which the same application security vulnerability is described in different ways by different organizations, according to OASIS.