[Owasp-leaders] OWASP Top 2017 - Data Call

Dave Wichers dave.wichers at owasp.org
Sat May 21 02:51:08 UTC 2016


Wouldn't you know it, I have a typo right in the title of my email :-).
This is obviously a data call for the next update to the OWASP Top 10,
which is expected to be released in 2017. Looking forward to your input.

-Dave

On Fri, May 20, 2016 at 10:31 PM, <dave.wichers at owasp.org> wrote:

> The OWASP Top 10 project is launching its effort to update the Top 10
> again. The current version was released in 2013, and so this update is
> expected to be the 2016 or more likely 2017 release. This time around, we
> are making an open data call so anyone with application vulnerability
> statistics can contribute their data to the project. To make it easier for
> the project to consume this contributed data, we are requesting it be
> provided via this Google form.
>
> DEADLINE: Data must be submitted by July 20, 2016.
>
> As an OWASP project, we strive to make everything about every project as
> open as possible. For this release of the Top 10, we are going to publish
> all the contributed data so that anyone can review it to understand what
> input was considered to produce this update, and for other uses as well. We
> could imagine other groups/projects making use of this data for other
> reasons, so we believe publishing this data will have multiple benefits.
>
> WARNING: You acknowledge that by contributing data to this update of the
> Top 10, you authorize its publication. DO NOT CONTRIBUTE anything you
> don’t want to become public.
>
> Guidance on what data we are looking for:
>
> We are looking for web application vulnerability statistics collected by
> your organization:
> • In web applications you assessed.
> • During the years 2014, 2015, or both.
> • These vulnerabilities can be in the code itself, the libraries the
> applications use, or in the configuration of the environment the
> applications run in.
>
> We are NOT interested in OS or network-level vulnerabilities. We ARE
> interested in vulnerabilities in any SQL code running in any databases that
> back the applications being assessed and the database accounts used to run
> this code, but are generally NOT interested in security issues in the
> configuration of the database server itself.
>
> Use your best judgment here to try to keep the data submitted relevant to
> the project. If you have a question or aren’t sure, just ask us for
> clarification.
>
> There are 5 pages of questions, most of which are very short. The long one
> is page 4, which asks for all the vulnerability statistics. If you prefer,
> you can send your answers to the questions on page 4 via email to
> dave.wichers at owasp.org but please submit the rest of your input via this
> Google form.
>
> I've invited you to fill out the form *OWASP Top 10 - 2016 Data Call*. To
> fill it out, visit:
>
> https://docs.google.com/forms/d/1sBMHN5nBicjr5xSo04xkdP5JlCnXFcKFCgEHjwPGuLw/viewform?c=0&w=1&usp=mail_form_link