[Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors

Eoin eoin.keary at owasp.org
Wed Jan 14 05:39:19 EST 2009


It's great, it brings the idea of App Sec more into the development world
"security @ source" as opposed to the vulnerability management and pen
testing.

2009/1/13 blake <blake at owasp.org>

>  I have OWASP on Google alerts.  There were a few references to the Top 10
> regarding this recent news.  I feel that this news will only give OWASP
> additional credibility.
>
> My opinion, this type of PR is good.
>
> -Blake
>  ------------------------------
>  *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *Marcin Wielgoszewski
> *Sent:* Tuesday, January 13, 2009 10:01 AM
> *To:* Jeff Williams
> *Cc:* owasp-leaders at lists.owasp.org
> *Subject:* Re: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous
> Programming Errors
>
>   Jeff, the thing that really bites me about it all... is nowhere, in any
> of the news postings I've read since the release, has OWASP been mentioned
> or given credit for its own Top 10.
>
> Does anyone else feel the same way?  Or am I again being overly-possessive
> and my preference for open-source, open-body organizations like OWASP
> shining through?
>
>
> On Tue, Jan 13, 2009 at 7:24 AM, Jeff Williams <
> jeff.williams at aspectsecurity.com> wrote:
>
>>  I helped them out with this but didn't intend for them to assume an
>> organizational endorsement.  Even though it's basically the top ten + buffer
>> overflows, it helps our mission.
>>
>> --Jeff
>>
>>
>>
>> On Jan 13, 2009, at 12:34 AM, "Marcin Wielgoszewski" <marcin at owasp.org>
>> wrote:
>>
>>  Today SANS in conjunction with MITRE have released the CWE/SANS Top 25
>> Most Dangerous Programming Errors [1].
>>
>> It appears OWASP Foundation has made an official statement supporting this
>> initiative:
>>  OWASP Foundation: "When facing a huge application portfolio that could
>> contain many thousands of instances of over 700 different types of
>> weaknesses, knowing where to start is a daunting task. Done right, stamping
>> out the CWE Top 25 can not only make you significantly more secure but can
>> cut your software development costs."
>> - Jeff Williams, Aspect Security CEO and The OWASP Foundation Chair
>> [1] http://www.sans.org/top25errors/
>>
>>
>> Thoughts?  How does this affect the OWASP Top 10 Project?  I'll reserve
>> comment for the time being.
>>
>>  _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>


-- 
Eoin Keary CISSP CISA
OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)

Quis custodiet ipsos custodes