[Owasp-leaders] OWASP Top Ten: Project Activity?

Claudia Casanovas claudia.aviles-casanovas at owasp.org
Mon Jun 29 13:00:01 UTC 2015


Hi Dave,

Please let me know how I can jump and help.

Claudia Aviles-Casanovas
Project Coordinator
551-221-5854


On Mon, Jun 29, 2015 at 6:28 AM, Timo Goosen <timo.goosen at owasp.org> wrote:

> Dave Wichers is the project leader, I will CC him into this email.
>
> I think we should talk to the people on the leader list aswell.
>
>
> >>Should we include both Dast and SAST metrics? I think we should.
> I'm not sure what those stand for but the more the merrier so I think yes
> include it.
>
> Regards.
> Timo
>
> On Sat, Jun 27, 2015 at 10:56 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>> Hi Timo,
>>
>> Metrics for the top10 from us shall be cleaned and sorted :)
>> In a spreadsheet or XML or whatever you need. The same data is used For
>> our own vulnerability stats report.
>>
>> Who is the project lead for the top 10?
>> Can we ask other folks to supply similar data also?
>> Should we have a call to the leaders list?
>> Should we include both Dast and SAST metrics? I think we should.
>> Metrics should be validated and verified as to remove all false positives
>> and not skew the stats.
>>
>>
>>
>> Eoin Keary
>> OWASP Volunteer
>> @eoinkeary
>>
>>
>>
>> On 27 Jun 2015, at 09:40, Timo Goosen <timo.goosen at owasp.org> wrote:
>>
>> Thanks that would be great. WIll the data need to be processed?
>> I'm thinking we can turn this into one of the sessions at AppSec USA
>> Project Summit.
>> I'd be happy to lead it if I am at the summit.
>>
>>
>> Regards.
>> Timo
>>
>> On Fri, Jun 26, 2015 at 11:14 AM, Eoin Keary <eoin.keary at owasp.org>
>> wrote:
>>
>>> We have 1000s of sanitised vulnerability data via our SaaS service which
>>> covers multiple industry verticals and tech stacks globally.
>>>
>>> Both app layer CVE (known vulns) and coding issues (sqli, Xss etc etc).
>>> We have this to donate to the statistical model when required.
>>>
>>> Eoin.
>>>
>>> Eoin Keary
>>> OWASP Volunteer
>>> @eoinkeary
>>>
>>>
>>>
>>> On 26 Jun 2015, at 12:01, Timo Goosen <timo.goosen at owasp.org> wrote:
>>>
>>> https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
>>>
>>>
>>> This is one of the most well know OWASP projects that I can think of.
>>> The OWASP top ten only has a top ten for 2013, but not for 2013 and 2014.
>>> This project is a flagship project, but I feel the project needs to bring
>>> out some new content considering that this is one of the most well known
>>> OWASP projects and also because the world of infosec moves really fast and
>>> two years is a life time in our field.
>>>
>>> I don't have much say in this project but I'd like to see a Top ten for
>>> 2015, with research to back up the statistics. If the people on the project
>>> don't have time to come up with this info then I suggest we create a budget
>>> and request funding for someone to put time into this.
>>>
>>>
>>> Would like your thoughts on the matter.
>>>
>>> Regards.
>>> Timo
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "OWASP Projects Task Force" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to projects-task-force+unsubscribe at owasp.org.
>>> To post to this group, send email to projects-task-force at owasp.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CAMOWqYCb7MUpj%3DDO4QyAjNHQPd6ts935g44Gd3SoPNe_dPE7iw%40mail.gmail.com
>>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CAMOWqYCb7MUpj%3DDO4QyAjNHQPd6ts935g44Gd3SoPNe_dPE7iw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>>
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "OWASP Projects Task Force" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to projects-task-force+unsubscribe at owasp.org.
> To post to this group, send email to projects-task-force at owasp.org.
> To view this discussion on the web visit
> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CAMOWqYBd730QN%3Dvc8VV7hbz523o%2BkTTDWshx6%2BdX6ekdXGjPZg%40mail.gmail.com
> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CAMOWqYBd730QN%3Dvc8VV7hbz523o%2BkTTDWshx6%2BdX6ekdXGjPZg%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150629/a25b94bb/attachment.html>


More information about the OWASP-Leaders mailing list