[Owasp-topten] WASC Threat Classification v2.0

robert at webappsec.org
Fri Jan 1 21:48:40 EST 2010


Thanks for the free spammage, Tom :) I just wanted to add that the WASC TC does not
attempt to implement 'risks' or 'severities' in this release. We will be adding impacts
and mitigations to future releases, but we're staying clear of risk/severity intentionally :)

Thanks
- Robert

> 
> To add to the thread...  re: OWASP Top 10
> 
> Released today: WASC Threat Classification v2.0 led by Robert Auger
> 
> http://projects.webappsec.org/Threat-Classification
> 
> 
> Tom Brennan
> http://www.linkedin.com/in/tombrennan
> (973) 506-9303
> 
> 
> 
> On Fri, Jan 1, 2010 at 5:18 AM, Christian Heinrich
> <christian.heinrich at owasp.org> wrote:
> > Dave,
> >
> > The sampling methodology would be to sort the vulnerabilities based on
> > prevalence and then select those of high severity in order of
> > prevalence.
> >
> > WASC provide CVSSv2 Base (i.e. severity) metrics for each webappsec
> > vulnerability.
> >
> > On Fri, Jan 1, 2010 at 2:21 AM, Dave Wichers
> > <dave.wichers at aspectsecurity.com> wrote:
> >> On the leaders list you might have seen some discussion of working with
> >> Facebook and they seem receptive but time will tell.
> >>
> >> Let's see how that plays out.
> >>
> >> And I've said before, I don't think rating the top 10 on severity only
> >> is a good idea. The last top 10 rated them on prevalence only. And we
> >> need to account for both, not just one or the other.
> >>
> >> -Dave
> >
> >
> > --
> > Regards,
> > Christian Heinrich - http://sn.im/cmlh_linkedin_profile
> > OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
> > Speaking Schedule at http://sn.im/cmlh_speaking_schedule
> > _______________________________________________
> > Owasp-topten mailing list
> > Owasp-topten at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-topten
> >
> 


