[Owasp-leaders] [Owasp-community] OT10 Risks?

Timur 'x' Khrotko (owasp) timur at owasp.org
Sun Sep 21 21:12:42 UTC 2014


(vulnerability types, meta weaknesses)

We may take the MITRE approach in order not to invent parallel terminology.

cwe.mitre.org (weaknesses, vuln types, cca 700 elements)
cve.mitre.org  (vulnerabilities and exposures, thousands)
capec.mitre.org (attack patterns)


The top 41 SANS "Most Dangerous Software Errors"
cwe.mitre.org/top25/index.html
+ 16
cwe.mitre.org/top25/archive/2011/2011_onthecusp.html


On Sun, Sep 21, 2014 at 11:11 PM, Timur 'x' Khrotko (owasp) <timur at owasp.org> wrote:

> (vulnerability types, meta weaknesses)
>
> We may take the MITRE approach in order not to invent parallel terminology.
>
> https://cwe.mitre.org (weaknesses, vuln types, cca 700 elements)
> https://cve.mitre.org  (vulnerabilities and exposures, thousands)
> https://capec.mitre.org (attack patterns)
>
>
> The top 41 SANS "Most Dangerous Software Errors"
> https://cwe.mitre.org/top25/index.html
> + 16
> https://cwe.mitre.org/top25/archive/2011/2011_onthecusp.html
>
>
> On Sun, Sep 21, 2014 at 11:04 PM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>> Risk != vuln
>>
>> Risk is defined as:
>> "(Exposure to) the possibility of loss, injury, or other adverse or
>> unwelcome circumstance; a chance or situation involving such a possibility."
>>
>> The result of a weakness being leveraged and unwelcome outcomes.
>>
>>
>>
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>>
>>
>> On 21 Sep 2014, at 16:53, Jim Manico <jim.manico at owasp.org> wrote:
>>
>> >> T10 lists does not accurately
>> >> reflect the most dangerous "risks" or that it would be better to name it
>> >> differently?
>> >
>> > The commentary that I received was that the term "risk" did not
>> > actually reflect the items on the lists. Folks have told me it should
>> > be "vulnerabilities" or "attacks" or "weaknesses" and more.
>> >
>> > I'm not sure what the right answer is here...
>> >
>> > Aloha,
>> > --
>> > Jim Manico
>> > @Manicode
>> > (808) 652-3805
>> >
>> >> On Sep 21, 2014, at 4:50 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>> >>
>> >> T10 lists does not accurately
>> >> reflect the most dangerous "risks" or that it would be better to name it
>> >> differently?
>> > _______________________________________________
>> > OWASP-Leaders mailing list
>> > OWASP-Leaders at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-leaders

-- 
Email us to enforce secure link with your mail servers (domain).
This message may contain confidential information - you should handle it 
accordingly.
This message may contain confidential information and is to be handled as such.