[Owasp-topten] Outsider's View of Top Ten
Andrew van der Stock
vanderaj at greebo.net
Wed Oct 26 11:30:35 EDT 2005

The Top 10 - if used as an educational / awareness tool - should
probably concentrate on the things that would make the most
difference if you were stuck on a desert island and couldn't get back
to your favorite skim soya double choc latte supplier until they were
fixed.

I still believe that these should be the things that would prevent:

a) reputation and financial loss to the organization fixing the top 10
b) financial and privacy loss to the clients of the organization
c) mass fraud or identity theft in any way

Personally, I think we should just write a strawman and see how it
goes. I researched the PHP Top 5 one night with a pad of paper and
the Bugtraq archives, and re-wrote it whilst I was at a cafe having
late afternoon breakfast. If it's as short as I think everyone wants
it to be, it shouldn't take too long. Do the frontispiece/TOC/Intro
and Index last, and it shouldn't be more than a week for a group with
as many active members as this one.

Do first, apologize later.

thanks,
Andrew