[Owasp-topten] Extension to Comment Period for 2010 RC1?
Colin Watson
colin.watson at owasp.org
Thu Dec 17 05:48:16 EST 2009
Dave
> The BIG changes currently expected are 2 or more new pages at the end
> like 'what's coming next, like cloud computing and such' and more about
> 'where to go from here (for managers, and developers)'. Things like
> that.
If "cloud computing" is going to be mentioned, I suppose the Cloud
Security Alliance could be referred to? v2.1 of their guidance has
just been released:
http://www.cloudsecurityalliance.org/
and mentions the Top Ten in the references. But another document I
think is particularly useful, and less well known, is the European
Network and Information Security Agency (ENISA)'s review of cloud
computing benefits, risks and recommendations:
http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment
There are risk and vulnerability lists and a worked example for a
medium-sized organisation. The OWASP Top Ten is referenced from this
as well (and so is the Guide).
Regards
Colin