<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div><div>Greetings FD,</div><div><br></div><div>I'm pleased to announce the release of the latest version of the Common Criteria Web Application Security Scoring : CCWAPSS v1.1.</div><div><br></div><div>This update clarifies the rating process when rating multiple flaws associated to the same criteria.</div><div><br></div><div>CCWAPSS</div><div>=========</div><div><br></div><div>CCWAPSS is a comprehensive security scoring methodolody dedicated to web application pentests.</div><div>This scale aims at sharing a common, open and documented evaluation methodology between security auditors and final customers. </div><div><br></div><div>Key benefits of CCWAPSS</div><div>=====================</div><div>- Offering a solution to interpretation problems between different auditors by providing clear and 11 well documented criteria.</div><div>- Fighting against the « gaussienne » inclination using a restricted granularity that forces the auditor to clear-cut score (there is no medium choice).</div><div>- The maximum score (10/10) means “compliant with Best Practices”. This score could be exceeded in case of excellence (like a medical vision evaluation such as 12/10).</div><div>- Each criteria is relative to section of the OWASP Guide 3.0.</div><div><br></div><div>The CCWAPSS v1.1 whitepaper is available in PDF format at <a href="http://ccwapss.blogspot.com/">http://ccwapss.blogspot.com/</a>.</div><div><br></div><div>Comments and suggestions are always welcome.</div><div><br></div><div>Regards, Fred.</div></div></div><br></body></html>