[Owasp-board] OWASP Top 10 Review

Jeff Williams jeff.williams at owasp.org
Wed Nov 11 04:35:09 UTC 2009

Is that different than this (from the draft)?  I guess you're suggesting
ratification by the membership/chapters/etc.  I'm not sure how we would come
to consensus.




Request for Comments 

OWASP plans to release the final public release of the OWASP Top 10 - 2010
during the first quarter of 2010 after a final, one-month public comment
period ending December 31, 2009. 


This release of the OWASP Top 10 marks this project's eighth year of raising
awareness of the importance of application security risks. This release has
been significantly revised to clarify the focus on risk. To do this, we've
detailed the threats, attacks, weaknesses, security controls, technical
impacts, and business impacts associated with each risk. By adopting this
approach, we hope to provide a model for how organizations can think beyond
the ten risks here and figure out the most important risks that their
applications create for their business. 


Following the final publication of the OWASP Top 10 - 2010, the
collaborative work of the OWASP community will continue with updates to
supporting documents including the OWASP wiki, OWASP Developer's Guide,
OWASP Testing Guide, OWASP Code Review Guide, and the OWASP Prevention Cheat
Sheet Series.


Constructive comments on this OWASP Top 10 - 2010 Release Candidate should
be forwarded via email to OWASP-TopTen at lists.owasp.org. Private comments may
be sent to dave.wichers at owasp.org.  Anonymous comments are welcome.  All
non-private comments will be catalogued and published at the same time as
the final public release.  Comments recommending changes to the items listed
in the Top 10 should include a complete suggested list of 10 items, along
with a rationale for any changes. All comments should indicate the specific
relevant page and section. 


Your feedback is critical to the continued success of the OWASP Top 10
Project. Thank you all for your dedication to improving the security of the
world's software for everyone.





Jeff Williams, Chair

The OWASP Foundation

Work: 410-707-1487

Main: 301-604-4882


From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Tom Brennan -
Sent: Tuesday, November 10, 2009 11:17 PM
To: Dave Wichers
Cc: john.wilander at owasp.org; OWASP Foundation Board List
Subject: [Owasp-board] OWASP Top 10 Review


What if... request for comment for the OWASP Top 10 (draft) was put out to
the membership at the Summit + at the conference at Dave's talk (of course)
to the community with a 30 day ratification to come from Chapters around the
world for RC1 then ratified with Jan 1 2010 official release.  This would be
an effort from the community (chapters and members) for the community and
each chapter can submit comment by X date.... just thinking (John Wilander's

Can you see the press covering this, industry folks and magazines that would
be FORCED to cover the Draft + RC1 + Release?

Just thinking as we close out the bar ;)
