[Owasp-leaders] OWASP Top Ten: Project Activity?
timo.goosen at owasp.org
Mon Jun 29 10:28:25 UTC 2015
Dave Wichers is the project leader, I will CC him into this email.
I think we should talk to the people on the leader list as well.
>>Should we include both DAST and SAST metrics? I think we should.
I'm not sure what those stand for, but the more the merrier, so I think yes.
On Sat, Jun 27, 2015 at 10:56 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
> Hi Timo,
> Metrics for the top10 from us shall be cleaned and sorted :)
> In a spreadsheet or XML or whatever you need. The same data is used for
> our own vulnerability stats report.
> Who is the project lead for the top 10?
> Can we ask other folks to supply similar data also?
> Should we have a call to the leaders list?
> Should we include both DAST and SAST metrics? I think we should.
> Metrics should be validated and verified so as to remove all false positives
> and not skew the stats.
> Eoin Keary
> OWASP Volunteer
> On 27 Jun 2015, at 09:40, Timo Goosen <timo.goosen at owasp.org> wrote:
> Thanks, that would be great. Will the data need to be processed?
> I'm thinking we can turn this into one of the sessions at AppSec USA
> Project Summit.
> I'd be happy to lead it if I am at the summit.
> On Fri, Jun 26, 2015 at 11:14 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>> We have 1000s of sanitised vulnerability data via our SaaS service which
>> covers multiple industry verticals and tech stacks globally.
>> Both app layer CVE (known vulns) and coding issues (SQLi, XSS etc.).
>> We have this to donate to the statistical model when required.
>> Eoin Keary
>> OWASP Volunteer
>> On 26 Jun 2015, at 12:01, Timo Goosen <timo.goosen at owasp.org> wrote:
>> This is one of the most well known OWASP projects that I can think of. The
>> OWASP top ten only has a top ten for 2013, but not for 2013 and 2014. This
>> project is a flagship project, but I feel the project needs to bring out
>> some new content considering that this is one of the most well known OWASP
>> projects and also because the world of infosec moves really fast and two
>> years is a lifetime in our field.
>> I don't have much say in this project but I'd like to see a Top ten for
>> 2015, with research to back up the statistics. If the people on the project
>> don't have time to come up with this info then I suggest we create a budget
>> and request funding for someone to put time into this.
>> Would like your thoughts on the matter.