[Owasp-topten] OWASP Top 10 2007 Release Candidate

PETIT Ludovic ludovic.petit at fr.sfr.com
Thu Feb 1 04:27:51 EST 2007


Hi all

As soon as the final document is available, I'll begin to translate
the Top 10 2007 into French, in order to give a final translation by
the end of March, for example.

I agree with Raoul about Threats v. Vulnerabilities, because, without
raising a debate on semantics, a Threat implies an action likely to harm
something (e.g. the resources of a company), a Vulnerability
corresponding to the level of exposure to the threat.
Anyway, most people have heard of XSS.

Wouldn't it be a good idea (that may be too "formal" but it's just a
suggestion ;-), for instance, to add the following "constant" in the
List

        Risk  =  (Threat x Vulnerability) / Countermeasure

because whatever the Top 10 content could be, the equation still remains
the same for the users.


Ludovic
       
-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Andrew van
der Stock
Sent: Monday, January 29, 2007 9:21 PM
To: owasp-topten at lists.owasp.org; owasp-leaders at lists.owasp.org
Subject: [Owasp-topten] OWASP Top 10 2007 Release Candidate

Hi there,

After a lot of work by me, Jeff and Dave, and comments and inputs from
Raoul and the list, here finally is the release candidate of the OWASP
Top 10 2007!

As the file is too big, and as we must start transitioning the content
to the Wiki, here is the placeholder Wiki T10 2007 page:

http://www.owasp.org/index.php/Top_10_2007

Please download and review. I would like to ensure that all comments
(and changes) are locked in by February 28, 2007. This unreleased
document MUST NOT be used in production documentation nor in any
standards - it's not totally ready yet.

If you are able to translate this document into other languages (it's
only 35 pages), please let me know ... and make it so! :)

If you know folks at PCI (or are those folks at PCI), please get in
contact with me so we can start talking over how this changes the PCI
DSS.

Thanks,
Andrew

