[Owasp-topten] 2010 RC1 - Sources of Stats

robert at webappsec.org robert at webappsec.org
Mon Dec 28 22:43:51 EST 2009


> > I believe Andrew van der Stock sampled BUGTRAQ but I may be incorrect
> > due to my *brief* reading of the mailing list archives.
> 
> One thing I forgot to mention when I talked about how CVE effectively 
> samples Bugtraq data, is that none of the established vulnerability DBs 
> track "site-specific" vulnerabilities, e.g. a CSRF in Facebook.  These 
> kinds of reports show up on Bugtraq and Full-Disclosure, and on sites like 
> xssed.com (which was out-of-date last time I checked), but I don't know 
> what stats are available, if any.

The WASC WHID (Web Hacking Incidents Database) project tracks incidents on websites.
http://www.webappsec.org/projects/whid/

- Robert
> 
> - Steve