[Owasp-topten] Top 10 2007

Daniel Cuthbert daniel.cuthbert at owasp.org
Fri Jul 7 01:05:48 EDT 2006


My issue with the PCI side of things is that their input has always  
been very one-sided. They are more than happy to use our content but  
threw their toys  out of the pram with our OWASP PCI project.

The power of the Top 10 is that WE decided what went into it and they  
adopted it, so surely us bowing down to them isn't the best way to go?
We aren't a fly-by-night organization and they should adopt, and  
enforce, whatever new Top 10 we release.

I say we do what we do best and let the industry adopt it

On 6 Jul 2006, at 21:40, Andrew van der Stock wrote:

> I've had (private) feedback that maybe the Top 10x3 will not fly  
> with the PCI folks, and as they are a major user/enforcer of the  
> Top 10. I will need to go and hassle my PCI contacts and start the  
> discussions earlier than I expected. Is anyone here represent PCI?
>
> We can do the Top 10 attacks research - that much will always be a  
> part of the Top 10. I have two volunteers for this activity, but  
> more is always welcome.
>
> thanks,
> Andrew
>
> On 07/07/2006, at 12:04 AM, Sam Buchanan wrote:
>
>> On 7/4/06, Andrew van der Stock wrote:
>>> Okay, the June 30 deadline has gone. The only folks to pipe up
>>> agree :-)
>>
>> Perhaps silence is assent. :) It's a good plan with an achievable
>> timeline. I hesitated a bit at making the Top 10 a Top 10 x 3, but
>> it's still a manageable size for an education document, and the
>> breakdown of topics makes it more useful, so I was won over. I'm
>> especially glad that you've suggested a presentation to accompany the
>> Top 10. I can probably test-drive that at my local chapter.
>>
>>> If you feel you have a page of the Top 10 in you, please let us  
>>> know :)
>>
>> Count me in.
>>
>> Using Tomcat but need to do more? Need to support web services,  
>> security?
>> Get stuff done quickly with pre-integrated technology to make your  
>> job easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
>> Geronimo
>> http://sel.as-us.falkag.net/sel? 
>> cmd=lnk&kid=120709&bid=263057&dat=121642
>> _______________________________________________
>> Owasp-topten mailing list
>> Owasp-topten at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/owasp-topten
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642______________________________ 
> _________________
> Owasp-topten mailing list
> Owasp-topten at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-topten





More information about the Owasp-topten mailing list