[Owasp-topten] Extension to Comment Period for 2010 RC1?

Dave Wichers dave.wichers at aspectsecurity.com
Wed Dec 16 21:10:07 EST 2009


I've made about a half dozen small editorial changes and minor error
corrections, but nothing major at this point. Any BIG changes, I'm
waiting until I tackle everything all at once.

The BIG changes currently expected are 2 or more new pages at the end
like 'what's coming next, like cloud computing and such' and more about
'where to go from here (for managers, and developers)'. Things like
that.

Before I do, I'll send out a summary of the intended 'big' changes.

-Dave

-----Original Message-----
From: Ralph Durkee [mailto:rd at rd1.net] 
Sent: Wednesday, December 16, 2009 6:49 PM
To: Dave Wichers
Cc: Steven M. Christey; Christian Heinrich; OWASP-TopTen at lists.owasp.org
Subject: Re: [Owasp-topten] Extension to Comment Period for 2010 RC1?

Are there any of the discussions so far that will result in changes?  
Maybe a summary would help.

-- Ralph Durkee

On Dec 16, 2009, at 1:01 PM, "Dave Wichers"
<dave.wichers at aspectsecurity.com 
 > wrote:

> I'm not thinking there is anything deliberate going on one way or the
> other. We just noticed you were planning an update and so avoiding a
> timing conflict seemed prudent for us, that's all.
>
> -Dave
>
> -----Original Message-----
> From: owasp-topten-bounces at lists.owasp.org
> [mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Steven M.
> Christey
> Sent: Wednesday, December 16, 2009 12:53 PM
> To: Christian Heinrich
> Cc: OWASP-TopTen at lists.owasp.org
> Subject: Re: [Owasp-topten] Extension to Comment Period for 2010 RC1?
>
>
> On Wed, 16 Dec 2009, Christian Heinrich wrote:
>
>> I would prefer that OWASP didn't venture down the path of competing
> for
>> media attention with SANS due our reputation within the greater  
>> appsec
>
>> community but if you consider the SANS Top 25 is a risk to the OWASP
> Top
>> Ten then it would be advantageous to publish the final at the next
> OWASP
>> Conference in 2010 as this would allow for a comparison with SANS Top
>> 25.
>
> I'm the technical lead for the Top 25 and don't want these efforts to
> appear competitive in any fashion.  I doubt we will get the attention
> that
> we got last year, but you never know.  We included a FAQ question last
> year, but that requires people to actually read it...
>
> http://cwe.mitre.org/top25/faq.html
>
> I'll bring up the issue to the Top 25 community.
>
>> Obviously, SANS could include the entries of the RC in their Top 25  
>> as
>
>> the RC has already been published.
>
> I think this is a good idea and will pursue it as an appendix.
>
> - Steve
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-topten
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-topten


More information about the Owasp-topten mailing list