[Owasp-leaders] [Owasp-community] OT10 Risks?

Jim Manico jim.manico at owasp.org
Wed Sep 24 19:40:30 UTC 2014


Dave,

Sounds like the OT10 team did the best they could with a difficult
decision. A few brief notes...

> something like what CWE-79 does: “Improper Neutralization of Input During Web Page Generation”.

This is actually called, "Improper Neutralization of Input During Web
Page Generation ('Cross-Site Scripting')" so the secondary title sure
leads me to believe that Mitre considers XSS to be a straight up
weakness.

Regardless, your team made tough choices and I see why. Perhaps we can
go over those choices again when the next OT10 process begins?

Someone asked me who my favorite OWASPer was and I said "Dave Wichers"
right away. Why? Because even in the heat of difficult conversations
and disagreement, you continue to send me suggestions to make the wiki
better. (I'll get the current list done soon). Everyone makes mistakes
and disagreements are common in our industry and community. But what
makes OWASPers shine in my opinion is technical collaboration. Thank
you Dave for continuing with your donations, even when (especially
when) we do not necessarily see eye-to-eye. Hat tip to you.

Aloha,
--
Jim Manico
@Manicode
(808) 652-3805

> On Sep 24, 2014, at 8:21 AM, Dave Wichers <dave.wichers at owasp.org> wrote:
>
> something like what CWE-79 does: “Improper Neutralization of Input During Web Page Generation”.

