[Owasp-topten] 2010 RC - Severity != Risk

Christian Heinrich christian.heinrich at owasp.org
Thu Dec 31 05:38:48 EST 2009


I doubt their intention is raising the awareness of webappsec
considering the recent "benefit" to the privacy settings of their end
users - their agenda is maintaining the status quo while appearing to
raise awareness of webappsec.

While I was expecting resistance to the recommendation of rating each
entry based on severity, this is an opportunity for OWASP to leverage
off others' incorrect perception and provide a resource whose entries
cannot be misrepresented based on its initial reading and which cannot
be questioned due to (mis)interpretation of the OWASP Risk Rating

On Thu, Dec 31, 2009 at 3:06 AM, Dave Wichers
<dave.wichers at aspectsecurity.com> wrote:
> I think you are reading too much into their sentence. I read that page before you referred to it and nothing jumped out at me as being seriously wrong. Again, they are trying to raise awareness, not split hairs, so I think what they have done is good.
> -Dave

Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule
