[Owasp-board] OWASP Top 10

Jim Manico jim.manico at owasp.org
Sun Apr 13 19:12:46 UTC 2014


We have project leaders of the OWASP Top Ten that traditionally made
vendor-specific decisions for the branding, decision making and release of
the document. Heck, even the wiki edits of the OWASP Top Ten were
restricted to being edited only by the project leader. This document never
went through an objective advisory process. The fishiness of A9 is also
problematic when these other issues are considered.

I agree there is very little we can do to change the OWASP Top Ten 2013,
but when you have project leaders with a long history of a "closed"
process, it's really difficult for others to just "jump in and do it right"
for 2015. I think we need either a different leader to step up and be
board-supported or we fork the document and work on it with a different

So I'm not saying that I have the right process in mind, I'm just saying
that due to the past problems with the document's creation, the board or
project manager may need to step in and define that new process, or at
least step in early when a closed process is preventing an open and
collaborative document.

- Jim

*From:* owasp-board-bounces at lists.owasp.org [mailto:
owasp-board-bounces at lists.owasp.org] *On Behalf Of *Michael Coates
*Sent:* Sunday, April 13, 2014 8:45 AM
*To:* Eoin Keary; Samantha Groves
*Cc:* OWASP Foundation Board List
*Subject:* Re: [Owasp-board] OWASP Top 10


Are we dancing around the elephant in the room? We know there are many
calls for the top 10 to be more open. I hope people will join the project
and push the top 10 process from its beginning and create a very open 2015
top 10 with all these ideas - we just need to get into the process at the
beginning, not the end.

I guess my question is this - why not just ask the project mailing list for
this information directly? Or are they not responding or refusing?

I don't think we have a model or expectation that a request to project X
should flow through Samantha to simply relay that same request to the
project mailing list.

Perhaps I'm missing something - help me understand?

Michael Coates

On Sun, Apr 13, 2014 at 4:41 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

Hi Samantha,
I am formally requesting that as projects manager you obtain the data, work
papers and associated statistical model for the OWASP top 10. This is a core
OWASP project and needs to be assessed such that we can leverage it for
other endeavours.
Thanks in advance.

Eoin Keary
Owasp Global Board
+353 87 977 2988
