[Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors
puneet.mehta at owasp.org
Wed Jan 14 09:32:59 EST 2009
Here's what Gary (Cigital) has to say on Top 10 or 25 lists .....
On Tue, Jan 13, 2009 at 8:31 PM, Marcin Wielgoszewski <marcin at owasp.org> wrote:
> Jeff, the thing that really bites me about it all... is nowhere, in any of
> the news postings I've read since the release, has OWASP been mentioned or
> given credit for its own Top 10.
> Does anyone else feel the same way? Or am I again being overly-possessive
> and my preference for open-source, open-body organizations like OWASP
> shining through?
> On Tue, Jan 13, 2009 at 7:24 AM, Jeff Williams <
> jeff.williams at aspectsecurity.com> wrote:
>> I helped them out with this but didn't intend for them to assume an
>> organizational endorsement. Even though it's basically the top ten + buffer
>> overflows, it helps our mission.
>> On Jan 13, 2009, at 12:34 AM, "Marcin Wielgoszewski" <marcin at owasp.org>
>> Today SANS in conjunction with MITRE have released the CWE/SANS Top 25
>> Most Dangerous Programming Errors.
>> It appears OWASP Foundation has made an official statement supporting this
>> OWASP Foundation: "When facing a huge application portfolio that could
>> contain many thousands of instances of over 700 different types of
>> weaknesses, knowing where to start is a daunting task. Done right, stamping
>> out the CWE Top 25 can not only make you significantly more secure but can
>> cut your software development costs."
>> - Jeff Williams, Aspect Security CEO and The OWASP Foundation Chair
>> http://www.sans.org/top25errors/
>> Thoughts? How does this affect the OWASP Top 10 Project? I'll reserve
>> comment for the time being.
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
Puneet Mehta CISSP CISA CEH CPTS BS7799 LA
OWASP Delhi Board
Owasp-delhi mailing list
Owasp-delhi at lists.owasp.org