[Owasp-board] [Owasp-leaders] Owasp top 10

Eoin Keary eoin.keary at owasp.org
Fri Apr 11 16:40:40 UTC 2014


Could not say it better myself. 
We simply want to see how the top 10 is arrived at so we can use this model, maybe improve the sample space and see what else we can do with the data.
Is that ok?

Eoin Keary
Owasp Global Board
+353 87 977 2988


On 11 Apr 2014, at 17:35, Josh Sokol <josh.sokol at owasp.org> wrote:

> Assuming we're seeing the same thing (https://www.owasp.org/index.php/Top_10_2013-Introduction under "Attribution"), then I'm not sure you can call this "the data".  That's just a link to the briefings from each of these companies on the latest attacks and threat vectors.  It's statistics through the lens of marketing.  I think that what Eoin was looking for was the spreadsheets that were analyzed in order to generate these statistics and, probably more important, how we consumed those spreadsheets and dissected the information in order to compute the OWASP Top 10.  Using data from other companies is fine, but we need to be transparent in how that data gets bubbled up in order to create the Top 10.  Are there workpapers of some sort?  Pivot tables?  Some sort of ranking system?  I think that's what Eoin was asking for.
> 
> ~josh
> 
> 
> On Fri, Apr 11, 2014 at 10:19 AM, Neil Smithline <neil.smithline at owasp.org> wrote:
>> 
>> The data is available. See the links on the T10 page Dave pointed you to. Search for the word "statistics". All Dave was saying is that OWASP neither hosts nor distributes the data. We just point you to the location the originator of the data has used to publish the data.
>> 
>> Neil
>> 
>> On Fri, Apr 11, 2014 at 3:40 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>>> Thanks Dave,
>>> So the data is not available, if I understand you correctly? I'm sure it could be anonymised? I doubt contributors send you data with client information within? The top 10 is a popular project and understanding the data and model behind the project is important for the community.
>>> 
>>> 
>>> 
>>> 
>>> Eoin Keary
>>> Owasp Global Board
>>> +353 87 977 2988
>>> 
>>> 
>>> On 11 Apr 2014, at 02:29, "Dave Wichers" <dave.wichers at owasp.org> wrote:
>>> 
>>> > Rather than the Top 10 project directly publishing the raw (and frequently
>>> > not very pretty or necessarily well organized) data that each provider sent
>>> > to the project privately, we asked each data provider to publish their data
>>> > publicly and then we linked to what they published in the OWASP Top 10
>>> > itself in the attribution box on the Introduction page. This approach was
>>> > taken to avoid the project publishing data that we didn't have explicit
>>> > permission to redistribute (since we didn't ask for this permission when we
>>> > made the original data call), and it also gave the data providers the
>>> > opportunity to make their results look more presentable if they wished to do
>>> > so before making their data public.
>>> >
>>> > The wiki page version of the Introduction page is here:
>>> > https://www.owasp.org/index.php/Top_10_2013-Introduction which links to all
>>> > the published data. Every organization that provided data to the OWASP Top
>>> > 10 for 2013 made their data public.
>>> >
>>> > -Dave
>>> >
>>> > -----Original Message-----
>>> > From: owasp-leaders-bounces at lists.owasp.org
>>> > [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin Keary
>>> > Sent: Thursday, April 10, 2014 4:56 PM
>>> > To: Samantha Groves; OWASP Foundation Board List; OWASP Leaders
>>> > Subject: [Owasp-leaders] Owasp top 10
>>> >
>>> > Hi,
>>> > Can you let me know where all the data and materials are for the owasp top
>>> > 10 2013?
>>> > I'd like to see the metrics which resulted in the top 10 opened up to the
>>> > public.
>>> > Doing this we can develop trend analysis, metrics and chart progress.
>>> > Can this be done?
>>> >
>>> > Regards,
>>> >
>>> > Eoin Keary
>>> > Owasp Global Board
>>> > +353 87 977 2988
>>> >
>>> > _______________________________________________
>>> > OWASP-Leaders mailing list
>>> > OWASP-Leaders at lists.owasp.org
>>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> >