[Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors

Marco M. Morana marco.m.morana at gmail.com
Wed Jan 14 07:58:02 EST 2009


If you look at the contributors to this important document, http://www.sans.org/top25errors/, we have both people who are implicitly OWASP members (e.g. Jeff Williams, James Walden and Ivan Ristic, the ones I recognize) as well as, explicitly, an organization: the working group at the first OWASP ESAPI Summit.

I am not sure that the fact that OWASP T10 is not mentioned lessens the credit or misses an opportunity to shine as an organization critical to producing this document for software security.

OWASP Chapter Lead

Writing Secure Software Blogger


  ----- Original Message ----- 
  From: Marcin Wielgoszewski 
  To: Jeff Williams 
  Cc: owasp-leaders at lists.owasp.org 
  Sent: Tuesday, January 13, 2009 10:01 AM
  Subject: Re: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors

  Jeff, the thing that really bites me about it all... is nowhere, in any of the news postings I've read since the release, has OWASP been mentioned or given credit for its own Top 10.

  Does anyone else feel the same way?  Or am I again being overly-possessive and my preference for open-source, open-body organizations like OWASP shining through?

  On Tue, Jan 13, 2009 at 7:24 AM, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:

    I helped them out with this but didn't intend for them to assume an organizational endorsement.  Even though it's basically the top ten + buffer overflows, it helps our mission. 


    On Jan 13, 2009, at 12:34 AM, "Marcin Wielgoszewski" <marcin at owasp.org> wrote:

      Today SANS in conjunction with MITRE have released the CWE/SANS Top 25 Most Dangerous Programming Errors [1].  

      It appears OWASP Foundation has made an official statement supporting this initiative:

        OWASP Foundation: 
        "When facing a huge application portfolio that could contain many thousands of instances of over 700 different types of weaknesses, knowing where to start is a daunting task. Done right, stamping out the CWE Top 25 can not only make you significantly more secure but can cut your software development costs."
        - Jeff Williams, Aspect Security CEO and The OWASP Foundation Chair

      [1] http://www.sans.org/top25errors/

      Thoughts?  How does this affect the OWASP Top 10 Project?  I'll reserve comment for the time being.

      OWASP-Leaders mailing list
      OWASP-Leaders at lists.owasp.org

