[OWASP-Delhi] Fwd: [Owasp-leaders] OWASP Top 2017 - Data Call

Sandeep Singh sandeep.singh at owasp.org
Sun May 22 05:09:19 UTC 2016



---------- Forwarded message ----------
From: <dave.wichers at owasp.org>
Date: Sat, May 21, 2016 at 8:01 AM
Subject: [Owasp-leaders] OWASP Top 2017 - Data Call
To: owasp-leaders at lists.owasp.org

The OWASP Top 10 project is launching its effort to update the Top 10
again. The current version was released in 2013, and so this update is
expected to be the 2016 or more likely 2017 release. This time around, we
are making an open data call so anyone with application vulnerability
statistics can contribute their data to the project. To make it easier for
the project to consume this contributed data, we are requesting it be
provided via this Google form.

DEADLINE: Data must be submitted by July 20, 2016.

As an OWASP project, we strive to make everything about every project as
open as possible. For this release of the Top 10, we are going to publish
all the contributed data so that anyone can review it to understand what
input was considered to produce this update, and for other uses as well. We
could imagine other groups/projects making use of this data for other
reasons, so we believe publishing this data will have multiple benefits.

WARNING: You acknowledge that by contributing data to this update of the
Top 10, that you authorize its publication. DO NOT CONTRIBUTE anything you
don’t want to become public.

Guidance on what data we are looking for:

We are looking for web application vulnerability statistics collected by
your organization:
• In web applications you assessed.
• During the years 2014, 2015, or both.
• These vulnerabilities can be in the code itself, the libraries the
applications use, or in the configuration of the environment the
applications run in.

We are NOT interested in OS, or network level vulnerabilities. We ARE
interested in vulnerabilities in any SQL code running in any databases that
back the applications being assessed and the database accounts used to run
this code, but are generally NOT interested in security issues in the
configuration of the database server itself.

Use your best judgment here to try to keep the data submitted relevant to
the project. If you have a question or aren’t sure, just ask us for

There are 5 pages of questions, most of which are very short. The long one
is page 4, which asks for all the vulnerability statistics. If you prefer,
you can send your answers to the questions on page 4 via email to
dave.wichers at owasp.org but please submit the rest of your input via this
Google form.

I've invited you to fill out the form *OWASP Top 10 - 2016 Data Call*. To
fill it out, visit:

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-delhi/attachments/20160522/fcfe5de6/attachment.html>

More information about the OWASP-Delhi mailing list