[Owasp-topten] Extension to Comment Period for 2010 RC1?

Colin Watson colin.watson at owasp.org
Thu Dec 17 05:48:16 EST 2009


Dave

> The BIG changes currently expected are 2 or more new pages at the end
> like 'what's coming next, like cloud computing and such' and more about
> 'where to go from here (for managers, and developers)'. Things like
> that.

If "cloud computing" is going to be mentioned, I suppose the Cloud
Security Alliance could be referred to? v2.1 of their guidance has
just been released:

http://www.cloudsecurityalliance.org/

and mentions the Top Ten in the references.  But another document I
think is particularly useful, and less well known, is the European
Network and Information Security Agency (ENISA)'s review of cloud
computing benefits, risks and recommendations:

http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment

There are risk and vulnerability lists and a worked example for a
medium-sized organisation.  The OWASP Top Ten is referenced from this
as well (and so is the Guide).

Regards

Colin

