[Owasp-leaders] OWASP Top 2017 - Data Call

Michael Coates michael.coates at owasp.org
Sat May 21 19:04:11 UTC 2016


This is great stuff! Love the open call for data and publishing all the
provided info. I imagine there'll be some very interesting data mining of
submitted data in addition to the aggregate top 10 results.

I spread the word on Twitter too
https://twitter.com/_mwc/status/734091285787643904


On Friday, May 20, 2016, Dave Wichers <dave.wichers at owasp.org> wrote:

> Wouldn't you know it, I have a typo right in the title of my email :-).
> This is obviously a data call for the next update to the OWASP Top 10,
> which is expected to be released in 2017. Looking forward to your input.
>
> -Dave
>
> On Fri, May 20, 2016 at 10:31 PM, <dave.wichers at owasp.org> wrote:
>
>> The OWASP Top 10 project is launching its effort to update the Top 10
>> again. The current version was released in 2013, and so this update is
>> expected to be the 2016 or more likely 2017 release. This time around, we
>> are making an open data call so anyone with application vulnerability
>> statistics can contribute their data to the project. To make it easier for
>> the project to consume this contributed data, we are requesting it be
>> provided via this Google form.
>>
>> DEADLINE: Data must be submitted by July 20, 2016.
>>
>> As an OWASP project, we strive to make everything about every project as
>> open as possible. For this release of the Top 10, we are going to publish
>> all the contributed data so that anyone can review it to understand what
>> input was considered to produce this update, and for other uses as well. We
>> could imagine other groups/projects making use of this data for other
>> reasons, so we believe publishing this data will have multiple benefits.
>>
>> WARNING: You acknowledge that by contributing data to this update of the
>> Top 10, you authorize its publication. DO NOT CONTRIBUTE anything you
>> don’t want to become public.
>>
>> Guidance on what data we are looking for:
>>
>> We are looking for web application vulnerability statistics collected by
>> your organization:
>> • In web applications you assessed.
>> • During the years 2014, 2015, or both.
>> • These vulnerabilities can be in the code itself, the libraries the
>> applications use, or in the configuration of the environment the
>> applications run in.
>>
>> We are NOT interested in OS, or network level vulnerabilities. We ARE
>> interested in vulnerabilities in any SQL code running in any databases that
>> back the applications being assessed and the database accounts used to run
>> this code, but are generally NOT interested in security issues in the
>> configuration of the database server itself.
>>
>> Use your best judgment here to try to keep the data submitted relevant to
>> the project. If you have a question or aren’t sure, just ask us for
>> clarification.
>>
>> There are 5 pages of questions, most of which are very short. The long
>> one is page 4, which asks for all the vulnerability statistics. If you
>> prefer, you can send your answers to the questions on page 4 via email to
>> dave.wichers at owasp.org but please
>> submit the rest of your input via this Google form.
>>
>> I've invited you to fill out the form *OWASP Top 10 - 2016 Data Call*.
>> To fill it out, visit:
>>
>> https://docs.google.com/forms/d/1sBMHN5nBicjr5xSo04xkdP5JlCnXFcKFCgEHjwPGuLw/viewform?c=0&w=1&usp=mail_form_link
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>

--
Michael Coates | @_mwc <https://twitter.com/intent/user?screen_name=_mwc>
OWASP Global Board