[Owasp-leaders] OWASP Top Ten: Project Activity?

Paul Ritchie paul.ritchie at owasp.org
Mon Jun 29 15:46:33 UTC 2015


Hi All:

Let me follow up with full support for our new Project Coordinator to jump
in and help out the Top 10 team as needed.
I think Claudia could help out a great deal with coordination and tracking
of 'new' items that might qualify for the 2015 version of Top 10.

Of course we will need the 'subject matter expertise' from community &
Top10 team, but Claudia can certainly help with organization, structure and
eventual preparation of a Top 10 output doc for 2015.

Paul

Best Regards, Paul Ritchie
OWASP Executive Director
paul.ritchie at owasp.org


On Mon, Jun 29, 2015 at 6:00 AM, Claudia Casanovas <
claudia.aviles-casanovas at owasp.org> wrote:

> Hi Dave,
>
> Please let me know how I can jump in and help.
>
> Claudia Aviles-Casanovas
> Project Coordinator
> 551-221-5854
>
>
> On Mon, Jun 29, 2015 at 6:28 AM, Timo Goosen <timo.goosen at owasp.org>
> wrote:
>
>> Dave Wichers is the project leader, I will CC him into this email.
>>
>> I think we should talk to the people on the leader list as well.
>>
>>
>> >>Should we include both DAST and SAST metrics? I think we should.
>> I'm not sure what those stand for but the more the merrier so I think yes
>> include it.
>>
>> Regards.
>> Timo
>>
>> On Sat, Jun 27, 2015 at 10:56 AM, Eoin Keary <eoin.keary at owasp.org>
>> wrote:
>>
>>> Hi Timo,
>>>
>>> Metrics for the top10 from us shall be cleaned and sorted :)
>>> In a spreadsheet or XML or whatever you need. The same data is used for
>>> our own vulnerability stats report.
>>>
>>> Who is the project lead for the top 10?
>>> Can we ask other folks to supply similar data also?
>>> Should we have a call to the leaders list?
>>> Should we include both DAST and SAST metrics? I think we should.
>>> Metrics should be validated and verified so as to remove all false
>>> positives and not skew the stats.
>>>
>>>
>>>
>>> Eoin Keary
>>> OWASP Volunteer
>>> @eoinkeary
>>>
>>>
>>>
>>> On 27 Jun 2015, at 09:40, Timo Goosen <timo.goosen at owasp.org> wrote:
>>>
>>> Thanks, that would be great. Will the data need to be processed?
>>> I'm thinking we can turn this into one of the sessions at AppSec USA
>>> Project Summit.
>>> I'd be happy to lead it if I am at the summit.
>>>
>>>
>>> Regards.
>>> Timo
>>>
>>> On Fri, Jun 26, 2015 at 11:14 AM, Eoin Keary <eoin.keary at owasp.org>
>>> wrote:
>>>
>>>> We have 1000s of sanitised vulnerability data via our SaaS service
>>>> which covers multiple industry verticals and tech stacks globally.
>>>>
>>>> Both app layer CVE (known vulns) and coding issues (SQLi, XSS etc etc).
>>>> We have this to donate to the statistical model when required.
>>>>
>>>> Eoin.
>>>>
>>>> Eoin Keary
>>>> OWASP Volunteer
>>>> @eoinkeary
>>>>
>>>>
>>>>
>>>> On 26 Jun 2015, at 12:01, Timo Goosen <timo.goosen at owasp.org> wrote:
>>>>
>>>> https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
>>>>
>>>>
>>>> This is one of the most well known OWASP projects that I can think of.
>>>> The OWASP top ten only has a top ten for 2013, but not for 2013 and 2014.
>>>> This project is a flagship project, but I feel the project needs to bring
>>>> out some new content considering that this is one of the most well known
>>>> OWASP projects and also because the world of infosec moves really fast and
>>>> two years is a lifetime in our field.
>>>>
>>>> I don't have much say in this project but I'd like to see a Top ten for
>>>> 2015, with research to back up the statistics. If the people on the project
>>>> don't have time to come up with this info then I suggest we create a budget
>>>> and request funding for someone to put time into this.
>>>>
>>>>
>>>> Would like your thoughts on the matter.
>>>>
>>>> Regards.
>>>> Timo
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "OWASP Projects Task Force" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to projects-task-force+unsubscribe at owasp.org.
>>>> To post to this group, send email to projects-task-force at owasp.org.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CAMOWqYCb7MUpj%3DDO4QyAjNHQPd6ts935g44Gd3SoPNe_dPE7iw%40mail.gmail.com
>>>> <https://groups.google.com/a/owasp.org/d/msgid/projects-task-force/CAMOWqYCb7MUpj%3DDO4QyAjNHQPd6ts935g44Gd3SoPNe_dPE7iw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>>
>>>