[Owasp-leaders] OWASP Top Ten: Project Activity?
eoin.keary at owasp.org
Sat Jun 27 08:56:57 UTC 2015
Metrics for the top10 from us shall be cleaned and sorted :)
In a spreadsheet or XML or whatever you need. The same data is used For our own vulnerability stats report.
Who is the project lead for the top 10?
Can we ask other folks to supply similar data also?
Should we have a call to the leaders list?
Should we include both Dast and SAST metrics? I think we should.
Metrics should be validated and verified as to remove all false positives and not skew the stats.
> On 27 Jun 2015, at 09:40, Timo Goosen <timo.goosen at owasp.org> wrote:
> Thanks that would be great. WIll the data need to be processed?
> I'm thinking we can turn this into one of the sessions at AppSec USA Project Summit.
> I'd be happy to lead it if I am at the summit.
>> On Fri, Jun 26, 2015 at 11:14 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> We have 1000s of sanitised vulnerability data via our SaaS service which covers multiple industry verticals and tech stacks globally.
>> Both app layer CVE (known vulns) and coding issues (sqli, Xss etc etc). We have this to donate to the statistical model when required.
>> Eoin Keary
>> OWASP Volunteer
>>> On 26 Jun 2015, at 12:01, Timo Goosen <timo.goosen at owasp.org> wrote:
>>> This is one of the most well know OWASP projects that I can think of. The OWASP top ten only has a top ten for 2013, but not for 2013 and 2014. This project is a flagship project, but I feel the project needs to bring out some new content considering that this is one of the most well known OWASP projects and also because the world of infosec moves really fast and two years is a life time in our field.
>>> I don't have much say in this project but I'd like to see a Top ten for 2015, with research to back up the statistics. If the people on the project don't have time to come up with this info then I suggest we create a budget and request funding for someone to put time into this.
>>> Would like your thoughts on the matter.
>>> You received this message because you are subscribed to the Google Groups "OWASP Projects Task Force" group.
>>> To unsubscribe from this group and stop receiving emails from it, send an email to projects-task-force+unsubscribe at owasp.org.
>>> To post to this group, send email to projects-task-force at owasp.org.
>>> To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CAMOWqYCb7MUpj%3DDO4QyAjNHQPd6ts935g44Gd3SoPNe_dPE7iw%40mail.gmail.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders