[Global_industry_committee] OWASP Top 10 Release Candidate - Feedback / Remark / Question to Top 6

Georg Heß georg.hess at artofdefence.com
Wed Apr 14 08:36:03 EDT 2010


Dave

I know that this feedback is very late .. but I am writing it anyway...

When I prepared my "What shall I say about the details of the new OWASP
Top 10.."  I realized that I am not very confident with the current
version of the NEW OWASP Top 6 - Security Misconfiguration.

The main reason is that it includes quite a bit of "network layer"
topics, too.

In general, I absolutely agree that this topic is important.

However, I think we will have some challenges - that we want to avoid -
with other industries including the OWASP Top 10 - like PCI DSS - under
the assumption that they ONLY cover the web application layer.

PCI DSS has - as you know - separate sections on network security and
patch management etc...

Maybe, this is all "old stuff" for you already...

I did not follow in detail the "release candidate feedback period"..

In my opinion, it would be great to "restrict" this topic to the
application layer...


All the best,
Georg



-- 
Dr. Georg Hess (CEO) - georg.hess at artofdefence.com
T:+49 (0)941 604 889 58  M:+49 (0)170 575 3154  F:+49 (0)941 604 889 837

art of defence GmbH, Bruderwöhrdstr 15b, 93055 Regensburg, Germany
------------------------------------------------------------------------
Amtsgericht Regensburg HRB 9708
Managing Directors:
Dr. Georg Heß, Alexander Meisel
------------------------------------------------------------------------

