[Owasp-topten] WASC Threat Classification v2.0
christian.heinrich at owasp.org
Sat Jan 2 04:45:02 EST 2010
Impact and Severity refer to the same quality of a residual risk.
On Sat, Jan 2, 2010 at 1:48 PM, <robert at webappsec.org> wrote:
> Thanks for the free spammage, Tom :) I just wanted to add that the WASC TC does not
> attempt to implement 'risks' or 'severities' in this release. We will be adding impacts
> and mitigations to future releases but we're staying clear of risk/severity intentionally :)
> - Robert
>> To add to the thread... re: OWASP Top 10
>> Released today: WASC Threat Classification v2.0 led by Robert Auger
>> Tom Brennan
>> (973) 506-9303
>> On Fri, Jan 1, 2010 at 5:18 AM, Christian Heinrich
>> <christian.heinrich at owasp.org> wrote:
>> > Dave,
>> > The sampling methodology would be to sort the vulnerabilities based on
>> > prevalence and then select those of high severity in order of
>> > prevalence.
>> > WASC provide CVSSv2 Base (i.e. severity) metrics for each webappsec
>> > vulnerability.
>> > On Fri, Jan 1, 2010 at 2:21 AM, Dave Wichers
>> > <dave.wichers at aspectsecurity.com> wrote:
>> >> On the leaders list you might have seen some discussion of working with
>> >> Facebook and they seem receptive but time will tell.
>> >> Let's see how that plays out.
>> >> And I've said before, I don't think rating the top 10 on severity only,
>> >> is a good idea. The last top 10 rated them on prevalence only. And we
>> >> need to account for both, not just one or the other.
>> >> -Dave
>> > --
>> > Regards,
>> > Christian Heinrich - http://sn.im/cmlh_linkedin_profile
>> > OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
>> > Speaking Schedule at http://sn.im/cmlh_speaking_schedule
>> > _______________________________________________
>> > Owasp-topten mailing list
>> > Owasp-topten at lists.owasp.org
>> > https://lists.owasp.org/mailman/listinfo/owasp-topten
Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule