[Owasp-leaders] OWASP Top Ten: Project Activity?

Timo Goosen timo.goosen at owasp.org
Mon Jun 29 10:28:25 UTC 2015


Dave Wichers is the project leader, I will CC him into this email.

I think we should talk to the people on the leader list as well.


>> Should we include both DAST and SAST metrics? I think we should.
I'm not sure what those stand for but the more the merrier so I think yes
include it.

Regards.
Timo

On Sat, Jun 27, 2015 at 10:56 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

> Hi Timo,
>
> Metrics for the top10 from us shall be cleaned and sorted :)
> In a spreadsheet or XML or whatever you need. The same data is used for
> our own vulnerability stats report.
>
> Who is the project lead for the top 10?
> Can we ask other folks to supply similar data also?
> Should we have a call to the leaders list?
> Should we include both DAST and SAST metrics? I think we should.
> Metrics should be validated and verified so as to remove all false positives
> and not skew the stats.
>
>
>
> Eoin Keary
> OWASP Volunteer
> @eoinkeary
>
>
>
> On 27 Jun 2015, at 09:40, Timo Goosen <timo.goosen at owasp.org> wrote:
>
> Thanks, that would be great. Will the data need to be processed?
> I'm thinking we can turn this into one of the sessions at AppSec USA
> Project Summit.
> I'd be happy to lead it if I am at the summit.
>
>
> Regards.
> Timo
>
> On Fri, Jun 26, 2015 at 11:14 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>> We have 1000s of sanitised vulnerability data via our SaaS service which
>> covers multiple industry verticals and tech stacks globally.
>>
>> Both app layer CVE (known vulns) and coding issues (SQLi, XSS, etc.).
>> We have this to donate to the statistical model when required.
>>
>> Eoin.
>>
>> Eoin Keary
>> OWASP Volunteer
>> @eoinkeary
>>
>>
>>
>> On 26 Jun 2015, at 12:01, Timo Goosen <timo.goosen at owasp.org> wrote:
>>
>> https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
>>
>>
>> This is one of the most well known OWASP projects that I can think of. The
>> OWASP top ten only has a top ten for 2013, but not for 2013 and 2014. This
>> project is a flagship project, but I feel the project needs to bring out
>> some new content considering that this is one of the most well known OWASP
>> projects and also because the world of infosec moves really fast and two
>> years is a lifetime in our field.
>>
>> I don't have much say in this project but I'd like to see a Top ten for
>> 2015, with research to back up the statistics. If the people on the project
>> don't have time to come up with this info then I suggest we create a budget
>> and request funding for someone to put time into this.
>>
>>
>> Would like your thoughts on the matter.
>>
>> Regards.
>> Timo
>>