[Owasp-board] OWASP Top 10 2007 RC 1

Jeff Williams jeff.williams at owasp.org
Thu Jan 18 18:01:54 UTC 2007


Hi everyone,

 

I'm getting excited about this - a real improvement over previous versions.
I've updated these a lot (to the point where tracking was interfering with
editing a good bit).  There are still some things to fill in - many are
highlighted in yellow.  But I'm losing focus.

 

I like the schedule Dinis proposed, although I think we should play it by
ear to see if we need so many rounds.  Like software, if we get to a release
candidate that proves stable, we should call it final and release.

 

--Jeff

 

  _____  

From: Dinis Cruz [mailto:dinis at ddplus.net] 
Sent: Thursday, January 18, 2007 7:23 AM
To: Andrew van der Stock
Cc: Andrew van der Stock; Dave Wichers; jeff.williams at owasp.org
Subject: Re: OWASP Top 10 2007 RC 1

 

Andrew are we set to go?

I want to include a reference to the Top 10 in this week's newsletter

Dinis

On 1/16/07, Andrew van der Stock <vanderaj at owasp.org> wrote:

Jeff should have a new draft this morning.  

 

He was unhappy that the headings as we discussed in November didn't come
through, just as I was unhappy with November's headings not relating
directly to MITRE's raw data (with the exception of CSRF). With the new
draft, we'll need to de-emphasize the MITRE correlation as it no longer is
strictly true.  

 

Andrew

 

On 16/01/2007, at 5:47 AM, Dinis Cruz wrote:





Hi Andrew, I think that this is ready for public distribution. 

I propose the following plan.

1) 'RC1 release' email to owasp-leaders
2) 1 week later RC1 email to owasp-all, multiple security mailing lists and
PCI 
3) 1 month later, 1st revision of comments, release of RC2 and go through
another round of peer review 
4) 1 month later, 2nd revision of comments, release RC3 for final proof
(this might not be to owasp-all, probably just to owasp-topten and
owasp-leaders mailing list) 
5) 2 weeks later, release final version (and do a big presentation about it
at the next OWASP conference) 

Dinis

On 1/15/07, Andrew van der Stock <vanderaj at gmail.com> wrote:

Hi guys, 

here's the release candidate draft I've worked on through the weekend. 
It takes into account all of our conversations through November.
However, it does make one change - input validation. This is really 
part of the raw data at #7, and I'd prefer not to have three access
control headings and no input validation. So we have two access 
control headings instead.

Please review, and if acceptable, forward to owasp-topten and 
owasp-leaders. Once we're happy it can be seen outside, it's time for
outside comment.

thanks,
Andrew 






-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet? 
http://www.owasp.org

 







-- 
Dinis Cruz
Chief OWASP Evangelist, Are you a member yet?
http://www.owasp.org 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP Top 10 2007.doc
Type: application/msword
Size: 604160 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070118/ca5854ef/attachment-0002.doc>

