[Owasp-leaders] What's the "catalyst" project all about?

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Mon Jul 13 12:21:55 EDT 2009


I don't think a day goes by where some developer isn't complaining about
the Top Ten, albeit for different reasons. Human nature says that no one
can remember more than five or six bullets (Think Powerpoint) as well as
the explanations of them need to be concise (think Twitter). They want
to explain the top ten in an elevator pitch using no more than thirty
seconds that is understandable to a non-technical developer (no, I
didn't make a typo).

________________________________

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Adam Muntner
Sent: Monday, July 13, 2009 12:15 PM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] What's the "catalyst" project all about?


I think their intention is to use Top 10 as a list of specific
vulnerabilities that should not occur. Top-10 is great, but the name
alone suggests that it isn't a "complete list," rather just the "Top
10." 

ASVS and the Testing Guide are both way better references, but both
serve different purposes than Top 10. The context in which I could see
ASVS and the Testing Guide being useful for PCI is in PA-DSS.

And yes I can spell "lesson," no more sending OWASP list emails at 10 PM
after having some wine. ;)


On Mon, Jul 13, 2009 at 6:29 AM, McGovern, James F (HTSC, IT)
<James.McGovern at thehartford.com> wrote:


	In order for maturity models to gain the popularity of the Top
Ten, the following needs to occur:
	 
	1. It needs to be promoted outside of the security community.
OWASP should issue a press release for its announcement that is targeted
at magazines CIO types read.
	2. Some feel that PCI incorrectly references the OWASP Top Ten
and instead should point to ASVS. We need to pitch the fact that
security is an ongoing concern that needs to be measured based on
continual improvement to PCI and suggest OpenSAMM.
	3. We need to dedicate a day named: OWASP Security Maturity Day
and encourage all OWASP participants to use a #opensamm on Twitter and
watch it rise, such that others will also participate. 
	
	************************************************************
	This communication, including attachments, is for the exclusive
use of addressee and may contain proprietary, confidential and/or
privileged information.  If you are not the intended recipient, any use,
copying, disclosure, dissemination or distribution is strictly
prohibited.  If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this communication and
destroy all copies.
	************************************************************

	_______________________________________________
	OWASP-Leaders mailing list
	OWASP-Leaders at lists.owasp.org
	https://lists.owasp.org/mailman/listinfo/owasp-leaders
	
	



