<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body bgcolor=white lang=EN-US link=blue vlink=purple>

<div class=WordSection1>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I’d be happy to see both styles of Top 10’s developed.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Regarding the Top 10 for Mobile. I’d love for a group of mobile
security experts to explore whether it truly is different than the existing Top
10 and why. And then let us know what they have discovered and have that
reviewed by the community. If the rough consensus is that it is truly different,
then it would be great to write one. If the consensus is that it is very
similar, maybe we should write an ‘interpretation’ of the Top 10 in the Mobile
environment, or if, we decide its essentially the same set of risks, then we
should state that publicly on the wiki.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I don’t know which way it will fall, but I’d love to hear what
people think on this subject.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>-Dave<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p>&nbsp;</o:p></span></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> owasp-leaders-bounces@lists.owasp.org
[mailto:owasp-leaders-bounces@lists.owasp.org] <b>On Behalf Of </b>Jim Manico<br>
<b>Sent:</b> Thursday, September 09, 2010 11:58 AM<br>
<b>To:</b> owasp-leaders@lists.owasp.org<br>
<b>Subject:</b> Re: [Owasp-leaders] Reaching developers = cooperative hackathons<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<div>

<p class=MsoNormal>More importantly, I think we need to put •language specific•
Top Tens' out front.<o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

</div>

<div>

<p class=MsoNormal>OWASP Top Ten for PHP<o:p></o:p></p>

</div>

<div>

<p class=MsoNormal>OWASP Top Ten for Java<o:p></o:p></p>

</div>

<div>

<p class=MsoNormal>Etc<o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

</div>

<div>

<p class=MsoNormal>This will help OWASP reach developers in a more prolific
way.<br>
<br>
-Jim Manico<o:p></o:p></p>

<div>

<p class=MsoNormal><a href="http://manico.net">http://manico.net</a><o:p></o:p></p>

</div>

</div>

<div>

<p class=MsoNormal style='margin-bottom:12.0pt'><br>
On Sep 9, 2010, at 5:19 AM, Sherif Koussa &lt;<a
href="mailto:sherif.koussa@gmail.com">sherif.koussa@gmail.com</a>&gt; wrote:<o:p></o:p></p>

</div>

<blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'>

<div>

<p class=MsoNormal><span class=apple-style-span><span style='font-family:"Arial","sans-serif";
color:black'>Would the leaders think there is value in starting a Top Ten for
Mobile Applications?&nbsp;Or would that lie sort of outside&nbsp;the boundaries
of OWASP since they might not typically be &quot;web&quot; applications? </span></span><span
class=apple-style-span><span style='font-family:"Arial","sans-serif";
color:black'><o:p></o:p></span></span></p>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif";color:black'><br>
Regards,</span><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif";color:black'>Sherif<o:p></o:p></span></p>

</div>

<p class=MsoNormal style='margin-bottom:12.0pt'><o:p>&nbsp;</o:p></p>

<div>

<p class=MsoNormal>On Wed, Sep 8, 2010 at 10:38 AM, Dave Wichers &lt;<a
href="mailto:dave.wichers@owasp.org">dave.wichers@owasp.org</a>&gt; wrote:<o:p></o:p></p>

<div>

<div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>I would like to see more top ten lists
and I think this is a reasonable list to shoot for.&nbsp; And I hope it would
echo similar sentiments that are presented by the OWASP Guide. And if not, they
should be synced up.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>I still want to get a real Top Ten for
Web Services done. We took a shot back in 2008 but I haven’t had the energy to
really get it completed.</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>-Dave</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>Dave Wichers</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>OWASP Top 10 Project Lead</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span
style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> <a
href="mailto:owasp-leaders-bounces@lists.owasp.org">owasp-leaders-bounces@lists.owasp.org</a>
[mailto:<a href="mailto:owasp-leaders-bounces@lists.owasp.org">owasp-leaders-bounces@lists.owasp.org</a>]
<b>On Behalf Of </b>James McGovern<br>
<b>Sent:</b> Wednesday, September 08, 2010 8:41 AM </span><o:p></o:p></p>

<div>

<p class=MsoNormal><br>
<b>To:</b> <a href="mailto:owasp-leaders@lists.owasp.org">owasp-leaders@lists.owasp.org</a><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><b>Subject:</b> Re: [Owasp-leaders] Reaching developers =
cooperative hackathons<o:p></o:p></p>

</div>

</div>

</div>

<div>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>Does anyone else think starting a
project to create a Top Ten list for Software Architects has merit? Since my
past project of starting a certification resulted in a fail, I am game to try
again and see if we can create a win…</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span
style='font-size:10.0pt;color:gray'>James McGovern<br>
</span></b><span style='font-size:10.0pt;color:gray'>Insurance SBU </span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span
style='font-size:10.0pt;color:gray'>Virtusa </span></b><b><span
style='font-size:10.0pt;color:#7F7F7F'>Corporation</span></b><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span
style='font-size:10.0pt;color:gray'>100 Northfield Drive, Suite 305 | Windsor,
CT | 06095</span><o:p></o:p></p>

<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span
style='font-size:10.0pt;color:#7F7F7F'>Phone:&nbsp; </span></b><span
style='font-size:10.0pt;color:gray'>860 688 9900</span><span style='font-size:
10.0pt;color:#7F7F7F'> <b>Ext:&nbsp; </b></span><span style='font-size:10.0pt;
color:gray'>1037</span><span style='font-size:10.0pt;color:#7F7F7F'> | <b>Facsimile:&nbsp;
</b></span><span style='font-size:10.0pt;color:gray'>860 688 2890</span><span
style='font-size:10.0pt;color:#7F7F7F'> &nbsp;</span><o:p></o:p></p>

</div>

</div>

</div>

</div>

</div>

</blockquote>

</div>

</body>

</html>