[Owasp-topten] OWASP Top 10 Simplified

Neil Smithline owasp-topten at smithline.net
Sun May 27 17:14:05 EDT 2007


Sounds difficult but great. A word of advice (OK, a paragraph of 
advice), and an offer for reviewing.

Before you get started, I think you should figure out what are the 
maintenance plans for this new doc. Will it be kept in sync going 
forward with the Wiki or the PDF version? If so, how often will updates 
occur? Where will this document reside? What happens if a major mistake 
(I guess unlikely but not impossible) or some other change takes place 
in the current doc? Will it be reflected in the non-techie version (NTV 
as compared to the official version (OV))? I think simple answers might 
suffice here but you should probably figure it out before so you don't 
run down any wrong paths and have to redo work.

As far as reviewing - I'm not exactly a non-techie but I'll be happy to 
review it. I suspect I can still provide some feedback even though I'm 
not your target audience. Also, once I see the document, I'll let you 
know if I can think up any friends/coworkers I can stick with the 
reviewing task. I have a graphic artist, a career manager (was never an 
engineer) and a recruiter in mind. I'll discuss any of this with you 
before distributing to ensure you keep control over preliminary versions.

- Neil

PS: Good luck on an NTV version of XSS and XSRF. I can't tell you how 
many bright engineers I run into who don't get those or who claim to 
"get" them but say they are not vulnerabilities.

PPS: Be sure to add to the document lots of phrases like "Security is 
hard, security people are smart, you should pay them more." Maybe as a 
subliminal watermark or something.... ;-)

Daniel Cuthbert wrote:
> rewriting the new one, but using non-technical language
>
>
> On 27 May 2007, at 20:46, Neil Smithline wrote:
>
>> I'm not exactly clear on what you are doing. Are you rewriting the 
>> existing document, writing a new one, adding a new section, or adding a 
>> supplement to the existing document?
>>
>> Thanks - Neil
>>
>> Daniel Cuthbert wrote:
>>> Afternoon all,
>>>
>>> Not sure if everyone is aware, but I am currently adapting the Top 
>>> 10 so that it is more business friendly. The benefit of this is 
>>> that the upper level of management will also be able to understand 
>>> the implications and actions of not following the Top 10.
>>>
>>> I am currently about 40% through the translation process and aim to 
>>> be finished in a few weeks.
>>>
>>> What I am looking for is a select number of people who are able to 
>>> peer it, and they cannot be technical as I need a non-technical 
>>> person to be able to understand it :0)
>>>
>>> Cheers
>>>
>>> Daniel
>>> _______________________________________________
>>> Owasp-topten mailing list
>>> Owasp-topten at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-topten
>>>
>>>
>
>

