[Owasp-leaders] Reaching developers = cooperative hackathons

kuai hinojosa kuai.hinojosa at owasp.org
Fri Sep 10 11:11:14 EDT 2010


Dave,

I agree, It would be more useful as you said to write a Top Ten interpretation in a mobile environment. I'd like to help out as it is an area I am focusing at the moment.

Kuai

On Sep 10, 2010, at 10:34 AM, "Dave Wichers" <dave.wichers at owasp.org> wrote:

> I’d be happy to see both styles of Top 10’s developed.
> 
>  
> 
> Regarding the Top 10 for Mobile. I’d love for a group of mobile security experts to explore whether it truly is different than the existing Top 10 and why. And then let us know what they have discovered and have that reviewed by the community. If the rough consensus is that it is truly different, then it would be great to write one. If the consensus is that it is very similar, maybe we should write an ‘interpretation’ of the Top 10 in the Mobile environment, or if, we decide its essentially the same set of risks, then we should state that publicly on the wiki.
> 
>  
> 
> I don’t know which way it will fall, but I’d love to hear what people think on this subject.
> 
>  
> 
> -Dave
> 
>  
> 
> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jim Manico
> Sent: Thursday, September 09, 2010 11:58 AM
> To: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] Reaching developers = cooperative hackathons
> 
>  
> 
> More importantly, I think we need to put •language specific• Top Tens' out front.
> 
>  
> 
> OWASP Top Ten for PHP
> 
> OWASP Top Ten for Java
> 
> Etc
> 
>  
> 
> This will help OWASP reach developers in a more prolific way.
> 
> -Jim Manico
> 
> http://manico.net
> 
> 
> On Sep 9, 2010, at 5:19 AM, Sherif Koussa <sherif.koussa at gmail.com> wrote:
> 
> Would the leaders think there is value in starting a Top Ten for Mobile Applications? Or would that lie sort of outside the boundaries of OWASP since they might not typically be "web" applications?
> 
> 
> Regards,
> 
> Sherif
> 
>  
> 
> On Wed, Sep 8, 2010 at 10:38 AM, Dave Wichers <dave.wichers at owasp.org> wrote:
> 
> I would like to see more top ten lists and I think this is a reasonable list to shoot for.  And I hope it would echo similar sentiments that are presented by the OWASP Guide. And if not, they should be synced up.
> 
>  
> 
> I still want to get a real Top Ten for Web Services done. We took a shot back in 2008 but I haven’t had the energy to really get it completed.
> 
>  
> 
> -Dave
> 
>  
> 
> Dave Wichers
> 
> OWASP Top 10 Project Lead
> 
>  
> 
> From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of James McGovern
> Sent: Wednesday, September 08, 2010 8:41 AM
> 
> 
> To: owasp-leaders at lists.owasp.org
> 
> Subject: Re: [Owasp-leaders] Reaching developers = cooperative hackathons
> 
>  
> 
> Does anyone else think starting a project to create a Top Ten list for Software Architects has merit? Since my past project of starting a certification resulted in a fail, I am game to try again and see if we can create a win…
> 
>  
> 
> James McGovern
> Insurance SBU
> 
> Virtusa Corporation
> 
> 100 Northfield Drive, Suite 305 | Windsor, CT | 06095
> 
> Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890  
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100910/594236c9/attachment.html 


More information about the OWASP-Leaders mailing list