[Owasp-topten] Review of OWASP Top 10 RC1

Robert A. Martin ramartin at mitre.org
Tue Feb 20 10:43:06 EST 2007


Andrew, et. al.,

I haven't seen any reply on Steve's feed back nor any update of the 
Release Candidate 1, 200701291405 so I was wondering if Steve's 
message got lost or caught in a spam filter?

Bob Martin
CWE Project Lead
MITRE
781-271-3001 o
781-424-4095 c

P.S. I included the original attachment and altered the url he 
included in his original email to minimize the chance of that 
happening to this message too.

At 5:59 PM -0500 1/30/07, Steven M. Christey wrote:
>All,
>
>I forget whether I'm a subscriber to this list or not, but here goes.
>
>Attached are my edits of the Top 10 document.  I used Track Changes and
>the comments feature.  My comments are marked with "SMC".
>
>One main thought: if there are a lot of documents based on the Top Ten
>that reference A1, A5, etc., then consider changing the numbering scheme
>so that there's less confusion, since 2004's IDs will be different than
>2007's.  But you already provide a mapping, so maybe this is a minor
>point.
>
>I also added Common Weakness Enumeration (CWE) identifiers to the
>reference sections.  These can be made into individual links, e.g. CWE-36
>is [cwe.mitre.org/data/definitions/36.html]
>
>My writing style is quite different from the authors, so I avoided most
>wordsmithing and punctuation changes.
>
>Hope this is useful!  This document is looking pretty good.  And kudos to
>whoever went through the likely-painful process of narrowing down to
>vulnerabilities, instead of the previous mix of
>attacks/vulns/countermeasures.
>
>- Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owasp-top10-rc1-christey.doc
Type: application/msword
Size: 641536 bytes
Desc: not available
Url : http://lists.owasp.org/pipermail/owasp-topten/attachments/20070220/b79f9d77/attachment-0001.doc 


More information about the Owasp-topten mailing list