[Owasp-topten] Extension to Comment Period for 2010 RC1?

Steven M. Christey coley at linus.mitre.org
Wed Dec 16 12:53:01 EST 2009


On Wed, 16 Dec 2009, Christian Heinrich wrote:

> I would prefer that OWASP didn't venture down the path of competing for 
> media attention with SANS due to our reputation within the greater appsec 
> community but if you consider the SANS Top 25 is a risk to the OWASP Top 
> Ten then it would be advantageous to publish the final at the next OWASP 
> Conference in 2010 as this would allow for a comparison with SANS Top 
> 25.

I'm the technical lead for the Top 25 and don't want these efforts to 
appear competitive in any fashion.  I doubt we will get the attention that 
we got last year, but you never know.  We included a FAQ question last 
year, but that requires people to actually read it...

http://cwe.mitre.org/top25/faq.html

I'll bring up the issue to the Top 25 community.

> Obviously, SANS could include the entries of the RC in their Top 25 as 
> the RC has already been published.

I think this is a good idea and will pursue it as an appendix.

- Steve

