[Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors

blake blake at owasp.org
Tue Jan 13 10:45:14 EST 2009


I have OWASP on Google Alerts.  There were a few references to the Top 10
regarding this recent news.  I feel that this news will only give OWASP
additional credibility.
 
My opinion, this type of PR is good.
 
-Blake

  _____  

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Marcin
Wielgoszewski
Sent: Tuesday, January 13, 2009 10:01 AM
To: Jeff Williams
Cc: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous
Programming Errors


Jeff, the thing that really bites me about it all... is nowhere, in any of
the news postings I've read since the release, has OWASP been mentioned or
given credit for its own Top 10.

Does anyone else feel the same way?  Or am I again being overly-possessive
and my preference for open-source, open-body organizations like OWASP
shining through?



On Tue, Jan 13, 2009 at 7:24 AM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:


I helped them out with this but didn't intend for them to assume an
organizational endorsement.  Even though it's basically the top ten + buffer
overflows, it helps our mission. 

--Jeff 




On Jan 13, 2009, at 12:34 AM, "Marcin Wielgoszewski" <marcin at owasp.org>
wrote:



Today SANS in conjunction with MITRE have released the CWE/SANS Top 25 Most
Dangerous Programming Errors [1].  

It appears OWASP Foundation has made an official statement supporting this
initiative:


OWASP Foundation: 

"When facing a huge application portfolio that could contain many thousands
of instances of over 700 different types of weaknesses, knowing where to
start is a daunting task. Done right, stamping out the CWE Top 25 can not
only make you significantly more secure but can cut your software
development costs."
- Jeff Williams, Aspect Security CEO and The OWASP Foundation Chair


[1] http://www.sans.org/top25errors/


Thoughts?  How does this affect the OWASP Top 10 Project?  I'll reserve
comment for the time being.

