[Owasp-leaders] Potential Update to the OWASP Risk Rating Methodology

Tim tim.morgan at owasp.org
Tue Mar 12 18:08:27 UTC 2013

> Context is everything! Developers live in a very detailed and low
> level world; and are very likely to not understand how their
> decisions impact the entire organisation, and for this reason it is
> all the more important that they not be making decisions,
> particularly about risks without the involvement of the security
> management team.

I agree.  I see these ratings as a way for "breakers" and management
to communicate about priorities.

