The Honeycomb project seems interesting. This sounds a lot like the Common Weakness Enumeration (CWE; see http://cwe.mitre.org) effort that has been going on for the past year as part of the DHS software assurance metrics and tool evaluation project. The CWE is an aggregation of sources including Seven Pernicious Kingdoms, CLASP, PLOVER, ten from OWASP, the Web Security Threat Classification, 19 Deadly Sins, etc. that describes software weaknesses (to date ~500 of them) in a consistently named fashion and provides a taxonomy to organize the relationships between the weaknesses. The classification comes with the help of a large community effort including NIST, MITRE, DHS, NSA, many commercial organizations, academia, and the public. And, I believe there are currently 15-20 tool vendors, including Fortify Software and Secure Software, that are contributing and mapping their content to the CWE.
Thanks,
Michael Gegick
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php