[Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors

Puneet Mehta puneet.mehta at owasp.org
Wed Jan 14 09:32:59 EST 2009


Here's what Gary (Cigital) has to say on Top 10 or 25 lists...

http://www.informit.com/articles/article.aspx?p=1322398

-Puneet

On Tue, Jan 13, 2009 at 8:31 PM, Marcin Wielgoszewski <marcin at owasp.org> wrote:

> Jeff, the thing that really bites me about it all... is nowhere, in any of
> the news postings I've read since the release, has OWASP been mentioned or
> given credit for its own Top 10.
>
> Does anyone else feel the same way?  Or am I again being overly-possessive
> and my preference for open-source, open-body organizations like OWASP
> shining through?
>
>
>
> On Tue, Jan 13, 2009 at 7:24 AM, Jeff Williams <
> jeff.williams at aspectsecurity.com> wrote:
>
>>  I helped them out with this but didn't intend for them to assume an
>> organizational endorsement.  Even though it's basically the top ten + buffer
>> overflows, it helps our mission.
>>
>> --Jeff
>>
>>
>>
>> On Jan 13, 2009, at 12:34 AM, "Marcin Wielgoszewski" <marcin at owasp.org>
>> wrote:
>>
>>  Today SANS in conjunction with MITRE have released the CWE/SANS Top 25
>> Most Dangerous Programming Errors [1].
>>
>> It appears OWASP Foundation has made an official statement supporting this
>> initiative:
>>  OWASP Foundation: "When facing a huge application portfolio that could
>> contain many thousands of instances of over 700 different types of
>> weaknesses, knowing where to start is a daunting task. Done right, stamping
>> out the CWE Top 25 can not only make you significantly more secure but can
>> cut your software development costs."
>> - Jeff Williams, Aspect Security CEO and The OWASP Foundation Chair
>> [1] http://www.sans.org/top25errors/
>>
>>
>> Thoughts?  How does this affect the OWASP Top 10 Project?  I'll reserve
>> comment for the time being.
>>
>>  _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>


-- 
Puneet Mehta CISSP CISA CEH CPTS BS7799 LA
OWASP Delhi Board
_______________________________________________
Owasp-delhi mailing list
Owasp-delhi at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi