[Owasp-topten] Extension to Comment Period for 2010 RC1?

Christian Heinrich christian.heinrich at owasp.org
Tue Dec 15 21:05:08 EST 2009


Dave,

I will be sending a number of comments through over the next two weeks.

I would prefer that OWASP didn't venture down the path of competing
for media attention with SANS due to our reputation within the greater
appsec community but if you consider the SANS Top 25 is a risk to the
OWASP Top Ten then it would be advantageous to publish the final at
the next OWASP Conference in 2010 as this would allow for a comparison
with SANS Top 25.

Obviously, SANS could include the entries of the RC in their Top 25 as
the RC has already been published.

Furthermore, readership is generally still down until February so a
final release sometime *after* the SANS Top 25 would increase the
awareness of the Top Ten 2010 and generate some publicity for the
OWASP Conference too.

On Wed, Dec 16, 2009 at 9:24 AM, Dave Wichers
<dave.wichers at aspectsecurity.com> wrote:
> It's a reasonable question, but I would prefer not to extend it. People
> have had 1 month to comment on it and the amount of comments I have been
> receiving lately has dropped to a trickle.
>
> The other reason I'd like not to extend it is that I want to get it done and
> released before the next update to the SANS Top 25, which is supposed to
> be released in February. I don't want the final release of the OWASP Top
> 10 - 2010 to get lost in the noise of the next SANS Top 25 update.
>
> That's why I'm going to try to get the Top 10 done and out the door by
> mid-January if possible. That's my current plan anyway.
>
> -Dave
>
> -----Original Message-----
> From: owasp-topten-bounces at lists.owasp.org
> [mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Christian
> Heinrich
> Sent: Tuesday, December 15, 2009 5:17 PM
> To: OWASP-TopTen at lists.owasp.org
> Subject: [Owasp-topten] Extension to Comment Period for 2010 RC1?
>
> Dave,
>
> It is possible that a number of comments may not be received due to
> the upcoming holiday period which could lead the public to
> (incorrectly) conclude that OWASP was trying to ensure a minimal
> debate on the Release Candidate.
>
> Would it be possible to extend the public comment period for the 2010
> RC1 till the end of February 2010 (to account for people returning to
> work) as I doubt that any additional action (such as printing, etc)
> can commence until at least the end of January 2010?
>
>
> --
> Regards,
> Christian Heinrich - http://sn.im/cmlh_linkedin_profile
> OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
> Speaking Schedule at http://sn.im/cmlh_speaking_schedule
>

-- 
Regards,
Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule

