[Owasp-topten] Top 10 2007 Final uploaded

Neil Smithline owasp-topten at smithline.net
Mon May 14 07:41:42 EDT 2007

Andrew van der Stock wrote:
> Hi folks, 
> The final of the OWASP Top 10 is now ready and has been uploaded to the
> Wiki. The PDF/Word documents are public as of now, but please hold off
> making major public noises until Tuesday Italy time as that's when it will
> be publicly announced. Feel free to let your friends and colleagues know
> about it - there has to be an advantage to working on an open source
> project, and this is it! :)
I think over the weekend we had decided that we were going to not have 
the .DOC on the website to both discourage changes to the "official 
version" as well as tidiness (largely due to my revulsion at all the 
zero-day vulnerabilities in .DOC files - I think there have been about 6 
in the last 12 months). Are you agreeing with that or disagreeing? We 
also discussed making the PDF (and potentially DOC if we keep it up) 

One thought, do we need a legal disclaimer on this doc? Something like 
"Use as-is; even if all suggestions are taken, web sites are inherently 
vulnerable and we ain't responsible." Not sure. I'm no legal dude and 
if we ask an attorney they'll always say yes. Just thought I'd raise the 
> The Board will be sending out a press release on Tuesday, so please avoid
> sending anything to the major web sites (eg Digg / Slashdot) without talking
> to us first.
> Neil and translators: The redline between RC2 and Final is here:
> http://www.owasp.org/images/f/f4/OWASP_Top_10_RC2_to_Final_redline.doc
> Once you have a copy, I'd like to delete it as it's not necessary for the
> public to see that version.
Got a copy.
> Thanks to Neil for taking his entire weekend to Wiki-fy the Top 10. Neil, in
> response to your e-mails, I've added the authors and also re-ordered the
> helpers a bit to better reflect their "helperness". Can you re-order the
> credits on the main page to be the same? Your effort is at least the same as
> Sylvan's, so feel free to figure out where you should be in relation to
> Sylvan's credit. 
Leaving me the option of reordering my credits - Hmm... I'll have to look 
to the sage of all things wise and ask myself "What would Homer Simpson 
do here?" Perhaps I'll need a title such as "Uber-Major Project 
Organizer and Director of This Security Thingy" ;-)

Seriously - giving me options as to how to credit myself is less fun 
than a root canal by a dental student who just ran out of novocaine and 
has the nitrous oxide mask on his face instead of mine. I'll put myself 
on line with Sylvan and avoid using words like "brilliantly and 
efficiently completed a thankless and horrifically painful task" when 
describing my work.

Unless I run into problems, I should have the Wiki completely updated by 
end-of-the-day - let's say midnite my time (or perhaps midnite in 
California or better yet Alaska :-). I've told my boss I'm officially 
off-duty today so I'll just crank through it once I'm done with the 
kid/daddy stuff. I spent a lot of time on the script and it does pretty 
much everything we need. There's only a bit of hand-editing that needs 
to happen.

I'm sorry I got involved so late, it's been fun and, assuming nobody 
minds, I'm planning on making incremental changes to the Wiki format as 
time goes on. There are a couple of things that I'm unhappy with.

Thanks for letting me help (not that anyone turns down help on an 
open-source project, no matter how functional they are) - Neil
> As to your other e-mails: It's my view that the next release, Top 10 2008,
> will branch off the Wiki version, rather than me holding on to the Word
> master. I don't want to be the road block for the 2008 edition as I move
> back onto working on the Guide. My view is that we'll keep the Top 10 doc /
> docx / PDF versions stable, and update the Wiki versions as the master as of
> now, creating milestone releases in Word / PDF version as necessary, say
> once every 12 months.
> Thanks to everyone who contributed to this release - you have helped improve
> a key OWASP deliverable which is used by millions globally.
> Thanks,
> Andrew 
