[Owasp-leaders] Reaching developers = cooperative hackathons

Dan Cornell dan at denimgroup.com
Fri Sep 10 11:21:05 EDT 2010


I have some stuff I can submit for this as well

Thanks

Dan


Sent from my iPhone

On Sep 10, 2010, at 8:12 AM, "kuai hinojosa" <kuai.hinojosa at owasp.org<mailto:kuai.hinojosa at owasp.org>> wrote:

Dave,

I agree, It would be more useful as you said to write a Top Ten interpretation in a mobile environment. I'd like to help out as it is an area I am focusing at the moment.

Kuai

On Sep 10, 2010, at 10:34 AM, "Dave Wichers" <<mailto:dave.wichers at owasp.org>dave.wichers at owasp.org<mailto:dave.wichers at owasp.org>> wrote:

I’d be happy to see both styles of Top 10’s developed.

Regarding the Top 10 for Mobile. I’d love for a group of mobile security experts to explore whether it truly is different than the existing Top 10 and why. And then let us know what they have discovered and have that reviewed by the community. If the rough consensus is that it is truly different, then it would be great to write one. If the consensus is that it is very similar, maybe we should write an ‘interpretation’ of the Top 10 in the Mobile environment, or if, we decide its essentially the same set of risks, then we should state that publicly on the wiki.

I don’t know which way it will fall, but I’d love to hear what people think on this subject.

-Dave

From: <mailto:owasp-leaders-bounces at lists.owasp.org> owasp-leaders-bounces at lists.owasp.org<mailto:owasp-leaders-bounces at lists.owasp.org> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jim Manico
Sent: Thursday, September 09, 2010 11:58 AM
To: <mailto:owasp-leaders at lists.owasp.org> <mailto:owasp-leaders at lists.owasp.org> owasp-leaders at lists.owasp.org<mailto:owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] Reaching developers = cooperative hackathons

More importantly, I think we need to put •language specific• Top Tens' out front.

OWASP Top Ten for PHP
OWASP Top Ten for Java
Etc

This will help OWASP reach developers in a more prolific way.

-Jim Manico
<http://manico.net><http://manico.net>http://manico.net

On Sep 9, 2010, at 5:19 AM, Sherif Koussa <<mailto:sherif.koussa at gmail.com><mailto:sherif.koussa at gmail.com>sherif.koussa at gmail.com<mailto:sherif.koussa at gmail.com>> wrote:
Would the leaders think there is value in starting a Top Ten for Mobile Applications? Or would that lie sort of outside the boundaries of OWASP since they might not typically be "web" applications?

Regards,
Sherif

On Wed, Sep 8, 2010 at 10:38 AM, Dave Wichers <<mailto:dave.wichers at owasp.org><mailto:dave.wichers at owasp.org>dave.wichers at owasp.org<mailto:dave.wichers at owasp.org>> wrote:
I would like to see more top ten lists and I think this is a reasonable list to shoot for.  And I hope it would echo similar sentiments that are presented by the OWASP Guide. And if not, they should be synced up.

I still want to get a real Top Ten for Web Services done. We took a shot back in 2008 but I haven’t had the energy to really get it completed.

-Dave

Dave Wichers
OWASP Top 10 Project Lead

From: <mailto:owasp-leaders-bounces at lists.owasp.org> <mailto:owasp-leaders-bounces at lists.owasp.org> owasp-leaders-bounces at lists.owasp.org<mailto:owasp-leaders-bounces at lists.owasp.org> [mailto:<mailto:owasp-leaders-bounces at lists.owasp.org><mailto:owasp-leaders-bounces at lists.owasp.org>owasp-leaders-bounces at lists.owasp.org<mailto:owasp-leaders-bounces at lists.owasp.org>] On Behalf Of James McGovern
Sent: Wednesday, September 08, 2010 8:41 AM

To: <mailto:owasp-leaders at lists.owasp.org> <mailto:owasp-leaders at lists.owasp.org> owasp-leaders at lists.owasp.org<mailto:owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] Reaching developers = cooperative hackathons

Does anyone else think starting a project to create a Top Ten list for Software Architects has merit? Since my past project of starting a certification resulted in a fail, I am game to try again and see if we can create a win…

James McGovern
Insurance SBU
Virtusa Corporation
100 Northfield Drive, Suite 305 | Windsor, CT | 06095
Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890
_______________________________________________
OWASP-Leaders mailing list
<mailto:OWASP-Leaders at lists.owasp.org>OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
<https://lists.owasp.org/mailman/listinfo/owasp-leaders>https://lists.owasp.org/mailman/listinfo/owasp-leaders
_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org<mailto:OWASP-Leaders at lists.owasp.org>
https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100910/027e2874/attachment-0001.html 


More information about the OWASP-Leaders mailing list