[Owasp-topten] Extension to Comment Period for 2010 RC1?
Steven M. Christey
coley at linus.mitre.org
Wed Dec 16 12:53:01 EST 2009
On Wed, 16 Dec 2009, Christian Heinrich wrote:
> I would prefer that OWASP didn't venture down the path of competing for
> media attention with SANS due our reputation within the greater appsec
> community but if you consider the SANS Top 25 is a risk to the OWASP Top
> Ten then it would be advantageous to publish the final at the next OWASP
> Conference in 2010 as this would allow for a comparison with SANS Top
> 25.
I'm the technical lead for the Top 25 and don't want these efforts to
appear competitive in any fashion. I doubt we will get the attention that
we got last year, but you never know. We included a FAQ question last
year, but that requires people to actually read it...
http://cwe.mitre.org/top25/faq.html
I'll bring up the issue to the Top 25 community.
> Obviously, SANS could include the entries of the RC in their Top 25 as
> the RC has already been published.
I think this is a good idea and will pursue it as an appendix.
- Steve
More information about the Owasp-topten
mailing list