[Owasp-topten] 2010 RC1 - Sources of Stats

Christian Heinrich christian.heinrich at owasp.org
Sun Dec 27 21:39:47 EST 2009


In relation to the the sources of statistics sampled for the OWASP Top
Ten 2010 RC1:

I have been unable to locate the statistics provided by either Aspect
Security or Softtek - are they publicly available and if not (publicly
available) should they be considered in addition to statistics that
are published publicly considering the "Open" in OWASP?

For the MITRE statistics, is the CWE Vulnerability Type Distributions
the sample i.e. http://cwe.mitre.org/documents/vuln-trends/index.html)
or do different statistics constitute their sample

Are statistics from BUGTRAQ still sampled (i.e. there is no mention in
the RC) as it was sampled for prior releases of the OWASP Top Ten?

Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule

More information about the Owasp-topten mailing list