[Owasp-leaders] [Owasp-topten] OWASP Top 10 Methodology

Dennis Groves dennis.groves at owasp.org
Wed Mar 20 13:16:50 UTC 2013


On 20 Mar 2013, at 13:11, Christey, Steven M. wrote:

> While I don't know how often these are exploited (and they may be 
> difficult to detect), or how often they'll be exploited in the future, 
> these kinds of application DoS issues are becoming popular.  As 
> code-execution vulns get harder to find, I suspect we will see more of 
> these.  This might not be enough to merit inclusion in the OWASP Top 
> Ten, but is definitely something to watch out for.

Agreed, currently there is not enough evidence to warrant inclusion in 
the Top 10. That said, the risk is real. I in particular believe that 
lack of containment is a much bigger issue in application security.
I think that both DoS and lack of containment warrant at least an 
appendix entry in the current Top 10, and I think it is worth noting 
that both issues are architecture flaws.

-- 
[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 
meeting](http://goo.gl/8sPIy).

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 
software](http://www.fsf.org/campaigns/secure-boot/statement).

> The idea that some lives matter less is the root of all that’s wrong 
> with the world. -- Paul Farmer

