[Owasp-topten] Thoughts on OWASP Top 10 2009 - Round 1

Neil Smithline owasp-topten at smithline.net
Wed Mar 18 20:41:25 EDT 2009


2009/3/18 Dave Wichers <dave.wichers at aspectsecurity.com>

> I think the Top 10 items and their brief descriptions is more of a
> management document, than a developer doc. However, the existing doc has
> lots of details for developers making it less useful as a management
> document, but not enough detail to be really useful for developers either.
> Jeff Williams has a suggestion that I like:
>
>
I just want to note that a management-focus on the T10 vulnerabilities is a
different document than the top 10 application security management mistakes.
The latter involves things such as "We'll add security at the end when we
add I18N.", "We have smart engineers so we can let every team worry about
security on their own.", and "The most famous is never get involved in a
land war in Asia" (oh wait, that's something different ;-)

Neil

Personal: http://www.smithline.net
Voice: 781-754-7628
Fax: 206-666-5090

Professional:
Founder & Senior Security Consultant
OneStopAppSecurity.com
https://www.OneStopAppSecurity.com <https://www.onestopappsecurity.com/>

