[Owasp-board] [Owasp-leaders] Owasp top 10

Eoin Keary eoin.keary at owasp.org
Fri Apr 11 16:32:13 UTC 2014


Thanks, ill take a look.
Can you share the statistical model used to reach the top 10 vulns? That would be a great help.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 11 Apr 2014, at 16:19, Neil Smithline <neil.smithline at owasp.org> wrote:

> The data is available. See the links on the T10 page Dave pointed you to. Search for the word "statistics". All Dave was saying is that OWASP neither hosts nor distributes the data. We just point you to the location the originator of the data has used to publish the data.
> 
> Neil
> 
> On Fri, Apr 11, 2014 at 3:40 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> Thanks dave,
>> So the data is not available, if i Understand you correctly? I'm sure it could be anonymised? I doubt contributors send you data with client information within? The top 10 is an popular project and understanding the data and model behind  project is important for the community.
>> 
>> 
>> 
>> 
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> 
>> On 11 Apr 2014, at 02:29, "Dave Wichers" <dave.wichers at owasp.org> wrote:
>> 
>> > Rather than the Top 10 project directly publishing the raw (and frequently
>> > not very pretty or necessarily well organized) data that each provider sent
>> > to the project privately, we asked each data provider to publish their data
>> > publically and then we linked to what they published in the OWASP Top 10
>> > itself in the attribution box on the Introduction page. This approach was
>> > taken to avoid the project publishing data that we didn't have explicit
>> > permission to redistribute (since we didn't ask for this permission when we
>> > made the original data call), and it also gave the data providers the
>> > opportunity to make their results look more presentable if they wished to do
>> > so before making their data public.
>> >
>> > The wiki page version of the Introduction page is here:
>> > https://www.owasp.org/index.php/Top_10_2013-Introduction which links to all
>> > the published data. Every organization that provided data to the OWASP Top
>> > 10 for 2013 published made their data public.
>> >
>> > -Dave
>> >
>> > -----Original Message-----
>> > From: owasp-leaders-bounces at lists.owasp.org
>> > [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin Keary
>> > Sent: Thursday, April 10, 2014 4:56 PM
>> > To: Samantha Groves; OWASP Foundation Board List; OWASP Leaders
>> > Subject: [Owasp-leaders] Owasp top 10
>> >
>> > Hi,
>> > Can you let me know where all the data and materials are for the owasp top
>> > 10 2013?
>> > I'd like to see the metrics which resulted in the top 10 opened up to the
>> > public.
>> > Doing this we can develop trend analysis, metrics and chart progress.
>> > Can this be done?
>> >
>> > Regards,
>> >
>> > Eoin Keary
>> > Owasp Global Board
>> > +353 87 977 2988
>> >
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> >
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140411/a9218f25/attachment.html>


More information about the Owasp-board mailing list