[Owasp-leaders] Reaching developers = cooperative hackathons

Venkatesh Jagannathan venki at owasp.org
Mon Sep 13 03:21:13 EDT 2010


In the context of language specific list, here are my thoughts:

0. First of all targeting various languages will be painful and we will be
ending up with too many "Top Ten" lists. Managing them becomes cubersome and
painful, to say the least.

1. It does not matter what language a business implementation is done. I
find that whatever language one writes, security is anyway needed. So why
should one concentrate on language specific list? I see that SANS list of
common programming errors (Top 25 programming errors) is a good enough guide
for all developers rather than sticking to language specific list

2. Over a period of time, new langugaes evolve and many other languages just
die out. Do we need to maintian a list for newer lamguages? This makes it
hard because not all languages are equall and not all are equally popular :)

3. Instead of this, we should concentrate more on concept driven lists. That
should be good enough to cover all the security loopholes.

Thank & Regards,
~Venk!




On Thu, Sep 9, 2010 at 9:28 PM, Jim Manico <jim.manico at owasp.org> wrote:

> More importantly, I think we need to put •language specific• Top Tens' out
> front.
>
> OWASP Top Ten for PHP
> OWASP Top Ten for Java
> Etc
>
> This will help OWASP reach developers in a more prolific way.
>
> -Jim Manico
> http://manico.net
>
> On Sep 9, 2010, at 5:19 AM, Sherif Koussa <sherif.koussa at gmail.com> wrote:
>
> Would the leaders think there is value in starting a Top Ten for Mobile
> Applications? Or would that lie sort of outside the boundaries of OWASP
> since they might not typically be "web" applications?
>
> Regards,
> Sherif
>
>
> On Wed, Sep 8, 2010 at 10:38 AM, Dave Wichers < <dave.wichers at owasp.org>
> dave.wichers at owasp.org> wrote:
>
>>  I would like to see more top ten lists and I think this is a reasonable
>> list to shoot for.  And I hope it would echo similar sentiments that are
>> presented by the OWASP Guide. And if not, they should be synced up.
>>
>>
>>
>> I still want to get a real Top Ten for Web Services done. We took a shot
>> back in 2008 but I haven’t had the energy to really get it completed.
>>
>>
>>
>> -Dave
>>
>>
>>
>> Dave Wichers
>>
>> OWASP Top 10 Project Lead
>>
>>
>>
>> *From:* <owasp-leaders-bounces at lists.owasp.org>
>> owasp-leaders-bounces at lists.owasp.org [mailto:<owasp-leaders-bounces at lists.owasp.org>
>> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *James McGovern
>> *Sent:* Wednesday, September 08, 2010 8:41 AM
>>
>> *To:* <owasp-leaders at lists.owasp.org>owasp-leaders at lists.owasp.org
>> *Subject:* Re: [Owasp-leaders] Reaching developers = cooperative
>> hackathons
>>
>>
>>
>> Does anyone else think starting a project to create a Top Ten list for
>> Software Architects has merit? Since my past project of starting a
>> certification resulted in a fail, I am game to try again and see if we can
>> create a win…
>>
>>
>>
>> *James McGovern
>> *Insurance SBU
>>
>> *Virtusa **Corporation***
>>
>> 100 Northfield Drive, Suite 305 | Windsor, CT | 06095
>>
>> *Phone:  *860 688 9900 *Ext:  *1037 | *Facsimile:  *860 688 2890
>>
>> <http://www.virtusa.com/>
>>
>
> <http://www.virtusa.com/>  <http://www.virtusa.com/blog/>
>>
>
> <http://www.virtusa.com/blog/> <https://twitter.com/VirtusaCorp>
>>
>
> <https://twitter.com/VirtusaCorp> <http://www.linkedin.com/companies/virtusa>
>>
>
> <http://www.linkedin.com/companies/virtusa> <http://www.facebook.com/VirtusaCorp>
>>
>
> <http://www.facebook.com/VirtusaCorp>
>>
>>
>>
>> *From:* <antonio.fontes at gmail.com>antonio.fontes at gmail.com [mailto:<antonio.fontes at gmail.com>
>> antonio.fontes at gmail.com] *On Behalf Of *AF
>> *Sent:* Tuesday, September 07, 2010 10:33 AM
>> *To:* James McGovern
>> *Subject:* Re: [Owasp-leaders] Reaching developers = cooperative
>> hackathons
>>
>>
>>
>>
>>
>> On Tue, Sep 7, 2010 at 3:48 PM, James McGovern < <JMcGovern at virtusa.com>
>> JMcGovern at virtusa.com> wrote:
>>
>> We can also agree that many of the successful attacks aren’t really caused
>> by coding mistakes of developers, but really can be attributed to suboptimal
>> architecture decisions made by some architect who threw a design over the
>> wall without understanding the ramifications of their choices. What if we
>> collectively thought of a Top Ten list for Architects to consider when
>> designing software…
>>
>>
>>
>>
>>
>> Definitely YES!
>>
>>
>>
>> Virtusa was recently ranked and featured in 2010 Global Services 100, IAOP's 2010 Global Outsourcing 100 sub-list, 2009 Deloitte Technology Fast 500 and 2009 Dataquest-IDC Best Employers Survey among others.
>>
>>
>>
>> ---------------------------------------------------------------------------------------------
>>
>>
>>
>> This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is intended for the addressee only. Any unauthorized disclosure, use, dissemination, copying, or distribution of this message or any of its attachments or the information contained in this e-mail, or the taking of any action based on it, is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this message.
>>
>>
>>
>> ---------------------------------------------------------------------------------------------
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> <OWASP-Leaders at lists.owasp.org>OWASP-Leaders at lists.owasp.org
>> <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20100913/347ed23e/attachment-0001.html 


More information about the OWASP-Leaders mailing list