[Owasp-topten] 2010 RC1 - Sources of Stats
christian.heinrich at owasp.org
Mon Dec 28 18:20:55 EST 2009
From what period were the Aspect and Softek sampled? e.g. since the
2003 Release (cumulative) or the period between the 2007 and 2010 RC.

It would be of great benefit to a statistician if the other contributors
could include some commentary on the above and other items such as the
interpretation of their statistics which could be published as a
separate appendix (document) to ensure that the size (i.e. pages) is
kept to a minimum in terms of the main document (consisting of the
OWASP Top Ten).

Could the final release be amended to include a statement along the
lines of "while the Aspect and Softek statistics are not available to
the public in time of publication, they will be made available at
identifying data has been removed" as an example?

I believe Andrew van der Stock sampled BUGTRAQ but I may be incorrect
due to my *brief* reading of the mailing list archives.
On Tue, Dec 29, 2009 at 3:18 AM, Dave Wichers
<dave.wichers at aspectsecurity.com> wrote:
> The Aspect and Softek results are not public but are very large and useful
> sources of input. The MITRE data was sent to me by Steve Christey so I am
> not sure exactly where it came from. He could answer that.
> Aspect would not be opposed to making our data public at some point but
> that takes some work and conversations with our clients that we have not
> done yet so that certainly won't happen anytime soon.
> We did not sample bugtraq. I don't recall it being used before.
Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule