[Global_industry_committee] OWASP Top 10 Release Candidate - Feedback / Remark / Question to Top 6

Georg Heß georg.hess at artofdefence.com
Wed Apr 14 08:36:03 EDT 2010


I know that this feedback is very late .. but I am writing it anyway...

When I prepared my "What shall I say about the details of the new OWASP
Top 10.." I realized that I am not very confident with the current
version of the NEW OWASP Top 6 - Security Misconfiguration.

The main reason is that it includes quite a bit of "network layer"
topics, too.

In general, I absolutely agree that this topic is important.

However, I think we will have some challenges - that we want to avoid -
with other industries including the OWASP Top 10 - like PCI DSS - under
the assumption that they ONLY cover the web application layer.

PCI DSS has - as you know - separate sections on network security and
patch management etc...

Maybe, this is all "old stuff" for you already...

I did not follow in detail the "release candidate feedback period"..

In my opinion, it would be great to "restrict" this topic to the
application layer...

All the best,

Dr. Georg Hess (CEO) - georg.hess at artofdefence.com
T:+49 (0)941 604 889 58  M:+49 (0)170 575 3154  F:+49 (0)941 604 889 837

art of defence GmbH, Bruderwöhrdstr 15b, 93055 Regensburg, Germany
Amtsgericht Regensburg HRB 9708
Dr. Georg Heß, Alexander Meisel
