[Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors
eoin.keary at owasp.org
Wed Jan 14 05:39:19 EST 2009
It's great, it brings the idea of App Sec more into the development world
"security @ source" as opposed to the vulnerability management and pen
2009/1/13 blake <blake at owasp.org>
> I have OWASP on Google Alerts. There were a few references to the Top 10
> regarding this recent news. I feel that this news will only give OWASP
> additional credibility.
> My opinion, this type of PR is good.
> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *Marcin Wielgoszewski
> *Sent:* Tuesday, January 13, 2009 10:01 AM
> *To:* Jeff Williams
> *Cc:* owasp-leaders at lists.owasp.org
> *Subject:* Re: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous
> Jeff, the thing that really bites me about it all... is nowhere, in any
> of the news postings I've read since the release, has OWASP been mentioned
> or given credit for its own Top 10.
> Does anyone else feel the same way? Or am I again being overly-possessive
> and my preference for open-source, open-body organizations like OWASP
> shining through?
> On Tue, Jan 13, 2009 at 7:24 AM, Jeff Williams <
> jeff.williams at aspectsecurity.com> wrote:
>> I helped them out with this but didn't intend for them to assume an
>> organizational endorsement. Even though it's basically the top ten + buffer
>> overflows, it helps our mission.
>> On Jan 13, 2009, at 12:34 AM, "Marcin Wielgoszewski" <marcin at owasp.org>
>> Today SANS in conjunction with MITRE have released the CWE/SANS Top 25
>> Most Dangerous Programming Errors.
>> It appears OWASP Foundation has made an official statement supporting this
>> OWASP Foundation: "When facing a huge application portfolio that could
>> contain many thousands of instances of over 700 different types of
>> weaknesses, knowing where to start is a daunting task. Done right, stamping
>> out the CWE Top 25 can not only make you significantly more secure but can
>> cut your software development costs."
>> - Jeff Williams, Aspect Security CEO and The OWASP Foundation Chair
>> http://www.sans.org/top25errors/
>> Thoughts? How does this affect the OWASP Top 10 Project? I'll reserve
>> comment for the time being.
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
Eoin Keary CISSP CISA
OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)
Quis custodiet ipsos custodes