[Global_industry_committee] OWASP Top 10 Release Candidate - Feedback / Remark / Question to Top 6
Georg Heß
georg.hess at artofdefence.com
Fri Apr 16 10:17:04 EDT 2010
Dave
thank you very much for your clarification.
And again: Great work!
Georg
--
Dr. Georg Hess (CEO) - georg.hess at artofdefence.com
T:+49 (0)941 604 889 58 M:+49 (0)170 575 3154 F:+49 (0)941 604 889 837
art of defence GmbH, Bruderwöhrdstr 15b, 93055 Regensburg, Germany
------------------------------------------------------------------------
Amtsgericht Regensburg HRB 9708
Managing Directors:
Dr. Georg Heß, Alexander Meisel
------------------------------------------------------------------------
Dave Wichers wrote:
> I appreciate your feedback, as always. The PCI council has had an early
> release and of course the RC and we haven't heard any concerns back from
> them and we have been coordinating with them, so we have given them the
> opportunity to express any concerns.
>
> -Dave
>
> -----Original Message-----
> From: Georg Heß [mailto:georg.hess at artofdefence.com]
> Sent: Friday, April 16, 2010 4:11 AM
> To: Christian Heinrich
> Cc: Global_industry_committee; dave.wichers at owasp.org
> Subject: Re: [Global_industry_committee] OWASP Top 10 Release Candidate -
> Feedback / Remark / Question to Top 6
>
> Christian,
>
> in principle and theory I agree with all you are saying.
>
> However, in real life I think we have to accept - at least I do - that
> having PCI DSS referencing directly to OWASP is one of the biggest
> successes of OWASP - in terms of visibility and credibility... and still
> the best "showcase" of an interaction of OWASP with industry bodies.
>
> So, also from a "in principle" aspect, this relationship is far from
> being perfect we are working hard to get something like this "copied" to
> other industry groups ... like Cloud Security Alliance ... or even legal
> bodies...
>
> And that's exactly my main reason why I believe we should focus our
> message to the "external" work on "application layer ONLY"....
>
> Just my 2 cents...
>
> Georg
>
>