[Owasp-leaders] On "Insufficient Attack Protection", and the role of OWASP...

Dave Wichers dave.wichers at owasp.org
Thu Apr 13 01:48:29 UTC 2017


The OWASP Top 10 - 2017 data call data and some basic analysis of it are
available in this folder on GitHub:
https://github.com/OWASP/Top10/tree/master/2017/datacall. It's a simple
multi-tab Excel spreadsheet.

-Dave


On Wed, Apr 12, 2017 at 7:42 AM, Eoin Keary <eoin.keary at owasp.org> wrote:

> As a Contributing company to the Top10 stats I'd like to understand the
> stats behind both new additions. Appreciated if someone can point me to the
> right files/stats model?
>
> On 12 Apr 2017, at 05:19, Azzeddine Ramrami <azzeddine.ramrami at owasp.org>
> wrote:
>
> Hi,
>
> I agree to change the name from "Insufficient Attack Protection" but not
> to "Improper Trust Modeling".
>
> I suggest changing it to "Insufficient Attack Detection and Response".
>
> Regards,
> Azzeddine
>
> On Wed, Apr 12, 2017 at 7:24 AM, Norman Yue <norman.yue at owasp.org> wrote:
>
>> Hey folks,
>>
>> Greetings from sunny Sydney - I hope this email finds you well. I
>> apologise for spamming owasp-leaders with this, but I think this is
>> important enough that this warrants the attention of the international
>> leadership community.
>>
>> Traditionally, we have been a trusted source of information with regards
>> to web application information security, providing both tools and technical
>> reference information to developers and application security professionals,
>> to help secure the Internet for everyone.
>>
>> Today, "Insufficient Attack Protection" is actually being considered for
>> inclusion in an OWASP Top Ten list.
>>
>> (Constructively, I think this should be replaced with something like
>> "improper trust modelling", and we push the Google BeyondCorp line of
>> thinking https://research.google.com/pubs/pub43231.html - the polar
>> opposite to "buy a waf").
>>
>> Words do not express my burning rage, and my disappointment that no-one
>> else appears to feel the same way (I read through the owasp-topten list
>> before posting this). Do people still care about the future of this
>> community, and how OWASP is perceived throughout the information security
>> industry?
>>
>> With best regards,
>>
>>
>> Norm
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Azzeddine RAMRAMI
> +33 6 65 48 90 04
> OWASP CSRFGuard Project Leader
> OWASP Leader (Morocco Chapter)
> Cognitive Security Expert
>