[Owasp-topten] OWASP Top 10 2010

Dave Wichers dave.wichers at aspectsecurity.com
Thu Feb 18 09:26:17 EST 2010


I think that bar is probably too high for PCI to consider. They are
trying to raise the floor of the entire world a few inches. I think ASVS
might be raising it 1 foot, at a minimum, and that might be too high,
but I can certainly make sure he knows it exists.

 

-Dave

 

From: Boberski, Michael [USA] [mailto:boberski_michael at bah.com] 
Sent: Thursday, February 18, 2010 8:26 AM
To: Dave Wichers; McGovern, James F. (P+C Technology)
Cc: OWASP TopTen
Subject: RE: [Owasp-topten] OWASP Top 10 2010

 

Perhaps explore with him using ASVS for PCI, since now an actual
standard exists?

 

Best,

 

Mike B.

 

 

________________________________

From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Dave Wichers
Sent: Wednesday, February 17, 2010 8:44 PM
To: McGovern, James F. (P+C Technology)
Cc: OWASP TopTen
Subject: Re: [Owasp-topten] OWASP Top 10 2010

I can ask Bob Russo, who runs the PCI Council, and was my former boss,
to do so :-)

 

From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of McGovern,
James F. (P+C Technology)
Sent: Wednesday, February 17, 2010 11:13 AM
Cc: OWASP TopTen
Subject: Re: [Owasp-topten] OWASP Top 10 2010

 

Of course I have a secondary question on top of this. PCI states that
one must stay current but how can we ask PCI to publish a note as a way
to amplify once this is released?

 

________________________________

From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Nishi Kumar
Sent: Wednesday, February 17, 2010 9:22 AM
To: dave.wichers at aspectsecurity.com; vanderaj at owasp.org;
mike.boberski at gmail.com
Cc: OWASP TopTen
Subject: Re: [Owasp-topten] OWASP Top 10 2010

Hi Dave,
 
I have to give a presentation on OWASP Top 10 next week in Toronto. I
was wondering if OWASP Top 10 for 2010 has been officially released
after the community feedback. Is the OWASP Top 10 - 2010 rc1 on the OWASP
website the officially released document?
 
OWASP Top 10 is a requirement for PCI DSS and PA DSS. PCI DSS requirements
6.5.1 - 6.5.10 and PA-DSS requirements 5.2.1 - 5.2.10 are the OWASP Top 10.
My question is do you know when PCI is going to change their
requirements document to have OWASP Top 10 for 2010 as their
requirement?
 
Thanks
Nishi Kumar
OWASP CBT Project Lead
OWASP Education Committee
