[Owasp-topten] Derivation From MITRE Data

Tracy, Edward tracy_edward at bah.com
Thu Feb 1 10:16:08 EST 2007


I'm very pleased with the document. It's made a great improvement over
the confusing FUD categories that people always asked me about.

Of course I also like the use of the MITRE data. But I must say it's not
clear how this was done. I wish the document would map the MITRE data
graph on p5 to the top ten mapping table on p6. The names of the top ten
do not directly align with the MITRE data graph. I believe this is due
to using common terminology and combining/splitting some of the MITRE
results. This really should be explained.

The document leads the reader to believe there is a one-to-one mapping. 

-ed

P.S. As an aside, I'm surprised "Insecure Communications" is regarded as
a top ten.

