[Owasp-leaders] On "Insufficient Attack Protection", and the role of OWASP...

johanna curiel curiel johanna.curiel at owasp.org
Thu Apr 13 12:49:34 UTC 2017


https://danielmiessler.com/blog/comments-owasp-top-10-2017-draft/#gs.WXVi5Dw

On Wed, Apr 12, 2017 at 9:48 PM, Dave Wichers <dave.wichers at owasp.org>
wrote:

> The OWASP Top 10 - 2017 data call data and some basic analysis of it is
> available in this folder on GitHub:
> https://github.com/OWASP/Top10/tree/master/2017/datacall. It's a simple multi-tab Excel
> spreadsheet.
>
> -Dave
>
>
> On Wed, Apr 12, 2017 at 7:42 AM, Eoin Keary <eoin.keary at owasp.org> wrote:
>
>> As a Contributing company to the Top10 stats I'd like to understand the
>> stats behind both new additions. Appreciated if someone can point me to the
>> right files/stats model?
>>
>>
>>
>>
>> Sent from my iPhone
>>
>> On 12 Apr 2017, at 05:19, Azzeddine Ramrami <azzeddine.ramrami at owasp.org>
>> wrote:
>>
>> Hi,
>>
>> I agree to change the name from "Insufficient Attack Protection" but not
>> to "Improper Trust Modeling".
>>
>> I suggest changing it to "Insufficient Attack Detection and Response".
>>
>> Regards,
>> Azzeddine
>>
>> On Wed, Apr 12, 2017 at 7:24 AM, Norman Yue <norman.yue at owasp.org> wrote:
>>
>>> Hey folks,
>>>
>>> Greetings from sunny Sydney - I hope this email finds you well. I
>>> apologise for spamming owasp-leaders with this, but I think this is
>>> important enough that this warrants the attention of the international
>>> leadership community.
>>>
>>> Traditionally, we have been a trusted source of information with regards
>>> to web application information security, providing both tools and technical
>>> reference information to developers and application security professionals,
>>> to help secure the Internet for everyone.
>>>
>>> Today, "Insufficient Attack Protection" is actually being considered for
>>> inclusion in an OWASP Top Ten list.
>>>
>>> (Constructively, I think this should be replaced with something like
>>> "improper trust modelling", and we push the Google BeyondCorp line of
>>> thinking https://research.google.com/pubs/pub43231.html - the polar
>>> opposite to "buy a waf").
>>>
>>> Words do not express my burning rage, and my disappointment that no-one
>>> else appears to feel the same way (I read through the owasp-topten list
>>> before posting this). Do people still care about the future of this
>>> community, and how OWASP is perceived throughout the information security
>>> industry?
>>>
>>> With best regards,
>>>
>>>
>>> Norm
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> Azzeddine RAMRAMI
>> +33 6 65 48 90 04
>> OWASP CSRFGuard Project Leader
>> OWASP Leader (Morocco Chapter)
>> Cognitive Security Expert
>>
>


-- 
Johanna Curiel
OWASP Volunteer