[Owasp-leaders] [Owasp-community] OT10 Risks?

Timur 'x' Khrotko (owasp) timur at owasp.org
Sun Sep 21 21:11:10 UTC 2014


(vulnerability types, meta weaknesses)

We may take the MITRE approach in order not to invent parallel terminology.

https://cwe.mitre.org (weaknesses, vuln types, ca. 700 elements)
https://cve.mitre.org (vulnerabilities and exposures, thousands)
https://capec.mitre.org (attack patterns)


The top 41 SANS "Most Dangerous Software Errors"
https://cwe.mitre.org/top25/index.html
+ 16
https://cwe.mitre.org/top25/archive/2011/2011_onthecusp.html


On Sun, Sep 21, 2014 at 11:04 PM, Eoin Keary <eoin.keary at owasp.org> wrote:

> Risk != vuln
>
> Risk is defined as:
> "(Exposure to) the possibility of loss, injury, or other adverse or
> unwelcome circumstance; a chance or situation involving such a possibility."
>
> The result of a weakness being leveraged and unwelcome outcomes.
>
>
>
> Eoin Keary
> Owasp Global Board
> +353 87 977 2988
>
>
> On 21 Sep 2014, at 16:53, Jim Manico <jim.manico at owasp.org> wrote:
>
> >> T10 lists does not accurately
> > reflect the most dangerous "risks" or that it would be better to name it
> > differently?
> >
> > The commentary that I received was that the term "risk" did not
> > actually reflect the items on the lists. Folks have told me it should
> > be "vulnerabilities" or "attacks" or "weaknesses" and more.
> >
> > I'm not sure what the right answer is here...
> >
> > Aloha,
> > --
> > Jim Manico
> > @Manicode
> > (808) 652-3805
> >
> >> On Sep 21, 2014, at 4:50 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> >>
> >> T10 lists does not accurately
> >> reflect the most dangerous "risks" or that it would be better to name it
> >> differently?
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
