[Owasp-board] Using CWE / CVE in OWASP Top 10 2007

Andrew van der Stock vanderaj at owasp.org
Mon Jan 29 00:21:21 UTC 2007

Hi there,

I am one of the authors of the soon to be released OWASP Top 10 2007. We
have based this update on the CWE distribution data, which is rather good.

We have had a couple of million downloads of the Top 10 2004 over the last
three years, and so as a courtesy, I'd like to ask permission to link to you
before we release. 

The document uses three links per issue, so the document contains
approximately 30 links in total. The links are used as exemplars like this:


As most folks who use this document typically also use your site today, I
doubt this will produce much spike in activity, but just in case, I'd like
to make sure and ask permission before we publish it far and wide. We will
be publishing primarily on our Wiki, and in Word and PDF forms for those who
want an offline copy.

I've included a PDF of one of the chapters as an example of how we use your
data and link to your site. If you want to review or see the entire
document, please don't hesitate to ask. It will be publicly available as a
release candidate by no later than the end of the week. We expect to have
approximately a period of one month for peer review and comment prior to
public release.

Andrew van der Stock
OWASP Executive Director

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP Top 10 2007 RC1.pdf
Type: application/octet-stream
Size: 92819 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070128/9b7220ee/attachment-0002.obj>

More information about the Owasp-board mailing list