[Owasp-topten] Extension to Comment Period for 2010 RC1?

Dave Wichers dave.wichers at aspectsecurity.com
Wed Dec 16 13:01:05 EST 2009

I'm not thinking there is anything deliberate going on one way or the
other. We just noticed you were planning an update and so avoiding a
timing conflict seemed prudent for us, that's all.


-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Steven M.
Sent: Wednesday, December 16, 2009 12:53 PM
To: Christian Heinrich
Cc: OWASP-TopTen at lists.owasp.org
Subject: Re: [Owasp-topten] Extension to Comment Period for 2010 RC1?

On Wed, 16 Dec 2009, Christian Heinrich wrote:

> I would prefer that OWASP didn't venture down the path of competing
> media attention with SANS due our reputation within the greater appsec

> community but if you consider the SANS Top 25 is a risk to the OWASP
> Ten then it would be advantageous to publish the final at the next
> Conference in 2010 as this would allow for a comparison with SANS Top 
> 25.

I'm the technical lead for the Top 25 and don't want these efforts to 
appear competitive in any fashion.  I doubt we will get the attention
we got last year, but you never know.  We included a FAQ question last 
year, but that requires people to actually read it...


I'll bring up the issue to the Top 25 community.

> Obviously, SANS could include the entries of the RC in their Top 25 as

> the RC has already been published.

I think this is a good idea and will pursue it as an appendix.

- Steve
Owasp-topten mailing list
Owasp-topten at lists.owasp.org

More information about the Owasp-topten mailing list