As I recently posted the WASC Threat Classification v2 is currently in a public working state and there's been a buzz on the mailing lists about it compared to other related projects. Vishal Garg posed a question I was expecting for awhile which is why does the TCv2 look so much different than TCv1? I've posted a fairly lengthy reply about the challenges of creating classification systems that provides a lot of insight into this project, our challenges, and end decisions. Based on this thread I'm likely going to need to create a more in depth challenges section for those curiosity seekers.

The WASC TCv2 is currently a work in progress and can be reviewed on our working page at http://projects.webappsec.org/Threat-Classification-Working .