[Owasp-topten] Extension to Comment Period for 2010 RC1?
Dave Wichers
dave.wichers at aspectsecurity.com
Wed Dec 16 13:01:05 EST 2009
I'm not thinking there is anything deliberate going on one way or the
other. We just noticed you were planning an update and so avoiding a
timing conflict seemed prudent for us, that's all.
-Dave
-----Original Message-----
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Steven M.
Christey
Sent: Wednesday, December 16, 2009 12:53 PM
To: Christian Heinrich
Cc: OWASP-TopTen at lists.owasp.org
Subject: Re: [Owasp-topten] Extension to Comment Period for 2010 RC1?
On Wed, 16 Dec 2009, Christian Heinrich wrote:
> I would prefer that OWASP didn't venture down the path of competing
for
> media attention with SANS due our reputation within the greater appsec
> community but if you consider the SANS Top 25 is a risk to the OWASP
Top
> Ten then it would be advantageous to publish the final at the next
OWASP
> Conference in 2010 as this would allow for a comparison with SANS Top
> 25.
I'm the technical lead for the Top 25 and don't want these efforts to
appear competitive in any fashion. I doubt we will get the attention
that
we got last year, but you never know. We included a FAQ question last
year, but that requires people to actually read it...
http://cwe.mitre.org/top25/faq.html
I'll bring up the issue to the Top 25 community.
> Obviously, SANS could include the entries of the RC in their Top 25 as
> the RC has already been published.
I think this is a good idea and will pursue it as an appendix.
- Steve
_______________________________________________
Owasp-topten mailing list
Owasp-topten at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-topten
More information about the Owasp-topten
mailing list