[Owasp-topten] OWASP Top 10 2007 Release Candidate

PETIT Ludovic ludovic.petit at fr.sfr.com
Thu Feb 1 04:27:51 EST 2007

Hi all

As soon as the final document will be available, I'll begin to translate
the Top 10 2007 in French, this in order to give a final translation by
the end of March for example.

I agree with Raoul about Threats v. Vulnerabilities, because, without to
raise a debate on semantics, Threat imply an action likely to harm
something (e.g. the resources
of a company), Vulnerability corresponding to the level of exposure to
the threat.
Anyway, most of the people have heard of XSS.

Wouldn't it be a good idea (that may be too "formal" but it's just a
suggestion ;-), for instance, to add the following "constant" in the

        Risk  =  Threat x Vulnerability

because whatever the Top 10 content could be, the equation still remains
the same for the users.

-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Andrew van
der Stock
Sent: Monday, January 29, 2007 9:21 PM
To: owasp-topten at lists.owasp.org; owasp-leaders at lists.owasp.org
Subject: [Owasp-topten] OWASP Top 10 2007 Release Candidate

Hi there,

After a lot of work by me, Jeff and Dave, and comments and inputs from
Raoul and the list, here finally is the release candidate of the OWASP
Top 10 2007!

As the file is too big, and as we must start transitioning the content
to the Wiki, here is the placeholder Wiki T10 2007 page:


Please download and review. I would like to ensure that all comments
changes) are locked in by February 28, 2007. This unreleased document
MUST NOT be used in production documentation nor in any standards - it's
not totally ready yet.

If you are able to translate this document into other languages (it's
35 pages), please let me know ... and make it so! :)

If you know folks at PCI (or are those folks at PCI), please get in
contact with me so we can start talking over how this changes the PCI


Owasp-topten mailing list
Owasp-topten at lists.owasp.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/owasp-topten/attachments/20070201/6500ff39/attachment.html 

More information about the Owasp-topten mailing list