[Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors

Marcin Wielgoszewski marcin at owasp.org
Tue Jan 13 10:01:08 EST 2009

Jeff, the thing that really bites me about it all... is nowhere, in any of
the news postings I've read since the release, has OWASP been mentioned or
given credit for its own Top 10.

Does anyone else feel the same way?  Or am I again being overly-possessive
and my preference for open-source, open-body organizations like OWASP
shining through?

On Tue, Jan 13, 2009 at 7:24 AM, Jeff Williams <
jeff.williams at aspectsecurity.com> wrote:

> I helped them out with this but didn't intend for them to assume an
> organizational endorsement.  Even though it's basically the top ten + buffer
> overflows, it helps our mission.
> --Jeff
> On Jan 13, 2009, at 12:34 AM, "Marcin Wielgoszewski" <marcin at owasp.org>
> wrote:
> Today SANS in conjunction with MITRE have released the CWE/SANS Top 25 Most
> Dangerous Programming Errors [1].
> It appears OWASP Foundation has made an official statement supporting this
> initiative:
> OWASP Foundation: "When facing a huge application portfolio that could
> contain many thousands of instances of over 700 different types of
> weaknesses, knowing where to start is a daunting task. Done right, stamping
> out the CWE Top 25 can not only make you significantly more secure but can
> cut your software development costs."
> - Jeff Williams, Aspect Security CEO and The OWASP Foundation Chair
> [1] <http://www.sans.org/top25errors/>http://www.sans.org/top25errors/
> Thoughts?  How does this affect the OWASP Top 10 Project?  I'll reserve
> comment for the time being.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090113/0f0e48ef/attachment.html 

More information about the OWASP-Leaders mailing list