[Owasp-topten] Top 10 2007 Final uploaded

Calderon, Juan Carlos (GE, Corporate, consultant) juan.calderon at ge.com
Mon May 14 09:38:17 EDT 2007

Not a big deal, but why not publish in PDF and OpenDocument format?

It could be a good idea to keep the 3 document formats used in OWASP
documentation open. WIKI for Web, PDF and OpenDocument for offline.

Just a small comment,
Juan Carlos Calderon

-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Neil
Sent: Monday, May 14, 2007 06:42 a.m.
To: Andrew van der Stock
Cc: Sebastien Deleersnyder; maartenmestdagh at yahoo.com; HyungKeun Park;
Dave Wichers; Jeff Williams; dinis.cruz at owasp.net;
owasp-topten at lists.owasp.org
Subject: Re: [Owasp-topten] Top 10 2007 Final uploaded

Andrew van der Stock wrote:
> Hi folks,
> The final of the OWASP Top 10 is now ready and has been uploaded to
> the Wiki. The PDF/Word documents are public as of now, but please hold
> off making major public noises until Tuesday Italy time as that's when
> it will be publicly announced. Feel free to let your friends and
> colleagues know about it - there has to be an advantage to working on
> an open source project, and this is it! :)
I think over the weekend we had decided that we were going to not have
the .DOC on the website to both discourage changes to the "official
version" as well as tidiness (largely to my revulsion of all the
zero-day vulnerabilities in .DOC file - I think there has been about 6
in the last 12 months) Are you agreeing with that or disagreeing? We
also discussed making the PDF (and potentially DOC if we keep it up)

One thought, do we need a legal disclaimer on this doc? Something like
"Use as-is, even if all suggestions taken web sites are inherently
vulnerable and we ain't responsible." Not sure. I'm no legal dude and
if we ask an attorney they'll always say yes. Just thought I'd raise the
> The Board will be sending out a press release on Tuesday, so please 
> avoid sending anything to the major web sites (eg Digg / Slashdot) 
> without talking to us first.
> Neil and translators: The redline between RC2 and Final is here:
> http://www.owasp.org/images/f/f4/OWASP_Top_10_RC2_to_Final_redline.doc
> Once you have a copy, I'd like to delete it as it's not necessary for 
> the public to see that version.
Got a copy.
> Thanks to Neil for taking his entire weekend to Wiki-fy the Top 10.
> Neil, in response to your e-mails, I've added the authors and also
> re-ordered the helpers a bit to better reflect their "helperness". Can
> you re-order the credits on the main page to be the same? Your effort
> is at least the same as Sylvan's, so feel free to figure out where you
> should be in relation to Sylvan's credit.
Leaving me the option of reordering my credits - Hmm... I'll have to look
to the sage of all things wise and ask myself "What would Homer Simpson
do here?" Perhaps I'll need a title such as "Uber-Major Project
Organizer and Director of This Security Thingy" ;-)

Seriously - giving me options as to how to credit myself is less fun
than a root canal by a dental student who just ran out of novocaine and
has the nitrous oxide mask on his face instead of mine. I'll put myself
on line with Sylvan and avoid using words like "brilliantly and
efficiently completed a thankless and horrifically painful task" when
describing my work.

Unless I run into problems, I should have the Wiki completely updated by
end-of-the-day - let's say midnite my time (or perhaps midnite in
California or better yet Alaska :-). I've told my boss I'm officially
off-duty today so I'll just crank through it once I'm done with the
kid/daddy stuff. I spent a lot of time on the script and it does pretty
much everything we need. There's only a bit of hand-editing that needs
to happen.

I'm sorry I got involved so late, it's been fun and, assuming nobody
minds, I'm planning on making incremental changes to the Wiki format as
time goes on. There are a couple of things that I'm unhappy with.

Thanks for letting me help (not that anyone turns down help on an
open-source project, no matter how functional they are) - Neil
> As to your other e-mails: It's my view that the next release, Top 10 
> 2008, will branch off the Wiki version, rather than me holding on to 
> the Word master. I don't want to be the road block for the 2008 
> edition as I move back onto working on the Guide. My view is that 
> we'll keep the Top 10 doc / docx / PDF versions stable, and update the
> Wiki versions as the master as of now, creating milestone releases in
> Word / PDF version as necessary, say once every 12 months.
> Thanks to everyone who contributed to this release - you have helped 
> improve a key OWASP deliverable which is used by millions globally.
> Thanks,
> Andrew