The The Web Application Security Consortium Threat Classification version 2.0 has been published. It is a document that attempts to classify common web application vulnerabilities and attacks so they can be referred to with a WASC (v2.0) number to keep documentation uniform across the industry; akin to how HTTP status codes are referenced. This vastly simplifies auditing of web application security audit reporting; creating a simple way of referencing attacks and weaknesses. This update adds many new useful features and fills-in missing attack types and weaknesses associated with them.
The post over at cgisecurity.com explains WASC v2 in more detail.
WASC Threat Classification 2.0 Project Site
