[Owasp-topten] Top 10 2007 Final uploaded
owasp-topten at smithline.net
Mon May 14 07:41:42 EDT 2007
Andrew van der Stock wrote:
> Hi folks,
> The final of the OWASP Top 10 is now ready and has been uploaded to the
> Wiki. The PDF/Word documents are public as of now, but please hold off
> making major public noises until Tuesday Italy time as that's when it will
> be publicly announced. Feel free to let your friends and colleagues know
> about it - there has to be an advantage to working on an open source
> project, and this is it! :)
I think over the weekend we had decided that we were going to not have
the .DOC on the website to both discourage changes to the "official
version" as well as tidiness (largely to my revulsion of all the
zero-day vulnerabilities in .DOC files - I think there have been about 6
in the last 12 months). Are you agreeing with that or disagreeing? We
also discussed making the PDF (and potentially DOC if we keep it up)
One thought, do we need a legal disclaimer on this doc? Something like
"Use as-is, even if all suggestions are taken, web sites are inherently
vulnerable and we ain't responsible." Not sure. I'm no legal dude and
if we ask an attorney they'll always say yes. Just thought I'd raise the
> The Board will be sending out a press release on Tuesday, so please avoid
> sending anything to the major web sites (eg Digg / Slashdot) without talking
> to us first.
> Neil and translators: The redline between RC2 and Final is here:
> Once you have a copy, I'd like to delete it as it's not necessary for the
> public to see that version.
Got a copy.
> Thanks to Neil for taking his entire weekend to Wiki-fy the Top 10. Neil, in
> response to your e-mails, I've added the authors and also re-ordered the
> helpers a bit to better reflect their "helperness". Can you re-order the
> credits on the main page to be the same? Your effort is at least the same as
> Sylvan's, so feel free to figure out where you should be in relation to
> Sylvan's credit.
Leaving me the option of reordering my credits - Hmm... I'll have to look
to the sage of all things wise and ask myself "What would Homer Simpson
do here?" Perhaps I'll need a title such as "Uber-Major Project
Organizer and Director of This Security Thingy" ;-)
Seriously - giving me options as to how to credit myself is less fun
than a root canal by a dental student who just ran out of novocaine and
has the nitrous oxide mask on his face instead of mine. I'll put myself
on line with Sylvan and avoid using words like "brilliantly and
efficiently completed a thankless and horrifically painful task" when
describing my work.
Unless I run into problems, I should have the Wiki completely updated by
end-of-the-day - let's say midnite my time (or perhaps midnite in
California or better yet Alaska :-). I've told my boss I'm officially
off-duty today so I'll just crank through it once I'm done with the
kid/daddy stuff. I spent a lot of time on the script and it does pretty
much everything we need. There's only a bit of hand-editing that needs
I'm sorry I got involved so late, it's been fun and, assuming nobody
minds, I'm planning on making incremental changes to the Wiki format as
time goes on. There are a couple of things that I'm unhappy with.
Thanks for letting me help (not that anyone turns down help on an
open-source project, no matter how functional they are) - Neil
> As to your other e-mails: It's my view that the next release, Top 10 2008,
> will branch off the Wiki version, rather than me holding on to the Word
> master. I don't want to be the road block for the 2008 edition as I move
> back onto working on the Guide. My view is that we'll keep the Top 10 doc /
> docx / PDF versions stable, and update the Wiki versions as the master as of
> now, creating milestone releases in Word / PDF version as necessary, say
> once every 12 months.
> Thanks to everyone who contributed to this release - you have helped improve
> a key OWASP deliverable which is used by millions globally.