[Owasp-leaders] What's the "catalyst" project all about?

Adam Muntner adam.muntner at quietmove.com
Mon Jul 13 12:14:56 EDT 2009


I think their intention is to use Top 10 as a list of specific
vulnerabilities that should not occur. Top-10 is great, but the name alone
suggests that it isn't a "complete list," rather just the "Top 10."

ASVS and the Testing Guide are both way better references, but both serve
different purposes than Top 10. The context in which I could see ASVS and
the Testing Guide being useful for PCI is in PA-DSS.

And yes I can spell "lesson," no more sending OWASP list emails at 10 PM
after having some wine. ;)

On Mon, Jul 13, 2009 at 6:29 AM, McGovern, James F (HTSC, IT) <
James.McGovern at thehartford.com> wrote:

> In order for maturity models to gain the popularity of the Top Ten, the
> following needs to occur:
>
> 1. It needs to be promoted outside of the security community. OWASP should
> issue a press release for its announcement that is targeted at magazines CIO
> types read.
> 2. Some feel that PCI incorrectly references the OWASP Top Ten and instead
> should point to ASVS. We need to pitch the fact that security is an ongoing
> concern that needs to be measured based on continual improvement to PCI and
> suggest OpenSAMM.
> 3. We need to dedicate a day named: OWASP Security Maturity Day
> and encourage all OWASP participants to use a #opensamm on Twitter and watch
> it rise, such that others will also participate.
>