[Owasp-topten] WASC Threat Classification v2.0

Tom Brennan - OWASP tomb at owasp.org
Fri Jan 1 20:45:34 EST 2010


To add to the thread...  re: OWASP Top 10

Released today: WASC Threat Classification v2.0 led by Robert Auger

http://projects.webappsec.org/Threat-Classification


Tom Brennan
http://www.linkedin.com/in/tombrennan
(973) 506-9303



On Fri, Jan 1, 2010 at 5:18 AM, Christian Heinrich
<christian.heinrich at owasp.org> wrote:
> Dave,
>
> The sampling methodology would be to sort the vulnerabilities based on
> prevalence and then select those of high severity in order of
> prevalence.
>
> WASC provide CVSSv2 Base (i.e. severity) metrics for each webappsec
> vulnerability.
>
> On Fri, Jan 1, 2010 at 2:21 AM, Dave Wichers
> <dave.wichers at aspectsecurity.com> wrote:
>> On the leaders list you might have seen some discussion of working with
>> Facebook and they seem receptive but time will tell.
>>
>> Let's see how that plays out.
>>
>> And I've said before, I don't think rating the top 10 on severity only
>> is a good idea. The last top 10 rated them on prevalence only. And we
>> need to account for both, not just one or the other.
>>
>> -Dave
>
>
> --
> Regards,
> Christian Heinrich - http://sn.im/cmlh_linkedin_profile
> OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
> Speaking Schedule at http://sn.im/cmlh_speaking_schedule

