[Owasp-leaders] OWASP Top Ten 2013 Wiki Version

Dave Wichers dave.wichers at owasp.org
Tue Mar 19 00:50:04 UTC 2013


It's not a Google doc. It's a .PPTX file from which we generate the .pdf
that is the published doc.

I'm all for thinking about a different model for developing the initial
draft of the Top 10 that's more open at some point, but I'd rather not
change the model for this release. I think we need to come to resolution as
to what we are going to add/change to the Top 10 related to DDOS (or not),
as well as see if we are going to change how the likelihood of successful
attack factor is calculated (by opinion as it's done now, or based on facts
per Ryan's research), and then implement those changes.

And of course if anyone has any specific feedback on anything else in the
Top 10, please provide that feedback.

I'm kind of leaning towards adding a 'special' page about DDOS to the Top 10
that's not in the Top 10 list, but acknowledge this is a significant issue
that organizations should consider. This allows us to straddle the fence by
both including it, and not including it at the same time :-).  But those are
my thoughts anyway. What do others think about this idea?

-Dave

-----Original Message-----
From: Jim Manico [mailto:jim.manico at owasp.org] 
Sent: Monday, March 18, 2013 7:34 PM
To: Dave Wichers
Cc: 'OWASP Leaders'
Subject: Re: [Owasp-leaders] OWASP Top Ten 2013 Wiki Version

Understood Dave.

Can you make the Google Doc world editable to @owasp accounts so the
community can contribute directly?

Thanks,
- Jim

> Jim and everyone,
> 
>  
> 
> Hold on please. Please do not just make edits to the wiki and expect 
> they will be picked up in the Top 10 doc. The PPT we use to create the 
> Top 10 is considered the master, and the wiki version has been created 
> to make it easier to view/search on the internet. If you make direct 
> changes to the wiki, it may not get noticed and included in the Top 10
> doc.
> 
>  
> 
> I know this is not how many OWASP projects work, but that's how we've 
> done the Top 10 in the past and plan to do so for at least this next 
> release. We may change the development process for the Top 10 in the 
> future, but have not done so yet, so for now, the wiki is NOT the 
> master for the Top 10, the doc itself is.
> 
>  
> 
> People have noticed minor editorial issues and sent them to me 
> directly already, and I have updated the doc that I have so those 
> changes will be reflected in the final release. People have also 
> noticed some issues in the wiki version and Neil has been addressing them
> as they come in.
> 
>  
> 
> Definitely feel free to send comments and have discussions like we've 
> been having for the past month+.
> 
>  
> 
> -Dave
> 
>  
> 
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Jim Manico
> Sent: Monday, March 18, 2013 2:01 PM
> To: OWASP Leaders
> Subject: [Owasp-leaders] OWASP Top Ten 2013 Wiki Version
> 
>  
> 
> The upcoming 2013 OWASP Top Ten has been converted to Wiki:
> 
>  
> 
> https://www.owasp.org/index.php/Top_10_2013
> 
>  
> 
> If you have something to say or add, now is the time. Your community 
> contributions to the 2013 OWASP Top Ten are critical! Please dive in!
> 
>  
> 
> Aloha,
> 
> --
> 
> Jim Manico
> 
> @Manicode
> 
> (808) 652-3805
> 
> 



