[Owasp-leaders] OWASP Mobile Top 10 - potential conflict of interest in M10

Jonathan Carter jonathan.carter at owasp.org
Tue Nov 4 20:06:15 UTC 2014


Part of the real challenge here is that we did not make the data for 2014
open and transparent for everyone to see. Hence, there is a lot of
speculation that this is driven by some corrupt process.  Nothing could be
further from the truth.

For the 2015 list, we agreed that the data would be publicly exposed for
everyone to see to understand how the categories were arrived at.  We have
already agreed that the 2014 list was finalized and any changes would be
made for 2015 as there was plenty of time and opportunity for community
feedback.

By agreeing to change the list after it has already been agreed upon, we
are undermining the credibility of the process and the process of taking a
data-driven approach to this.

On Tue, Nov 4, 2014 at 11:23 AM, Jason Haddix <jason.haddix at owasp.org>
wrote:

> That's kinda what we did for the 2nd round of the MTT, so a revision
> highlight of sorts in the footnotes was what I was leaning towards.
>
> On Tue, Nov 4, 2014 at 11:17 AM, Neil Smithline <neil.smithline at owasp.org>
> wrote:
>
>>
>> On Tue, Nov 4, 2014 at 2:12 PM, Jason Haddix <jason.haddix at owasp.org>
>> wrote:
>>
>>> Also to the OWASP veterans: We are proposing to remove M10 right away
>>> instead of waiting till 2015's version of the MTT (which we have already
>>> started soliciting data for).  Do you think this precedent is OK? Or is it
>>> more pertinent to wait since some people are using the list as-is and mid
>>> cycle change could disrupt policy created from the current list?
>>
>>
>> What about creating a V2 of the list so that references to the original
>> list continue to be valid?
>>
>> Neil Smithline
>> 408-634-5764
>> http://www.neilsmithline.com
>>
>
>
>
> --
> Jason Haddix
> OWASP Mobile Top Ten Project Leader
> Mobile Security Researcher
> (805) 698 2885
>