[Owasp-leaders] [Owasp-community] Announcing the OWASP Web Hacking Incidents Database (WHID) Project - Seeking Participants

Matthew Parsons mparsons at parsonsisconsulting.com
Mon Apr 13 17:13:06 UTC 2015

I was thinking about using this type of information to do a quantitative
risk assessment to predict future software security vulnerabilities.  I
work for Intel as an application security engineer doing web penetration
testing and source code review.  I am also a second year doctoral student
with an anticipated graduation date of March 2017.  My research topic is a
qualitative review interviewing 20 software security professionals on
secure design patterns.  Dr. Gary McGraw suggested this topic.  Has the
quantitative research been done?  And if not do you think there would be an
interest with working on this?

All the best,

On Tue, Apr 7, 2015 at 10:40 AM, Ryan Barnett <ryan.barnett at owasp.org>

> Greetings OWASP Community!  I wanted to let everyone know that we have
> officially launched the project -
> https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Project
> .
> Project Description:
> WHID goal is to serve as a tool for raising awareness of the web
> application security problem and provide information for statistical
> analysis of web applications security incidents. The database is unique in
> tracking only media reported security incidents that can be associated with
> a web application security vulnerability. This data is in contrast to many
> public statistics reports on vulnerability prevalence in that it shows what
> types of vulnerabilities attackers are actively exploiting.
> A useful way to use WHID is to help provide data for “Likelihood of
> Attack” RISK ratings.  There is a lot of public “vulnerability” data
> publicly available, but which ones are actively being used by attackers?
> Here is a quick mapping of OWASP Top 10 items to WHID entries -
> https://www.owasp.org/index.php/OWASP_Top_10/Mapping_to_WHID
> We are actively seeking participants who can help add entries for WHID -
> https://docs.google.com/a/owasp.org/spreadsheet/ccc?key=0AvaknFl7LiV2dHRLNEVoNks4YlJuZ1JIWHhyaG5OM2c&usp=drive_web#gid=1.
> If you you would iike to participate – please sign-up for the mail-list
> here:
> https://lists.owasp.org/mailman/listinfo/owasp_wasc_web_hacking_incidents_database_project
> <https://lists.owasp.org/mailman/listinfo/owasp_wasc_distributed_web_honeypots_project>.
> You can also follow the project on Twitter - https://twitter.com/owaspwhid
> Cheers.
> --
> Ryan Barnett
> OWASP Web Hacking Incidents Database Project Leader
> _______________________________________________
> Owasp-community mailing list
> Owasp-community at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-community

Matt Parsons, CISSP, MSM
mparsons at parsonsisconsulting.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150413/03ff7a9c/attachment.html>

More information about the OWASP-Leaders mailing list