[Owasp-topten] WASC Threat Classification v2.0

Christian Heinrich christian.heinrich at owasp.org
Sat Jan 2 07:02:21 EST 2010


I had a discussion in October 2009 with Matteo Meucci (OWASP Testing
Guide Project Leader) about the possibly of updating the OWASP Risk
Rating Methodology.

While not the initial intent, based on the Top Ten, it could be
leveraged to establish the taxonomy in relation to the residual risk
of webappsec.

Let me know if WASC would be interested in contributing and I can
include this in the formal proposal which I could put together after
March 2010 (based on my current commitments)?

On Sat, Jan 2, 2010 at 9:45 PM,  <robert at webappsec.org> wrote:
> I wasn't trying to get into a debate about them, merely that we're not covering it in this wasc project :)
>> Robert,

Christian Heinrich - http://sn.im/cmlh_linkedin_profile
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking
Speaking Schedule at http://sn.im/cmlh_speaking_schedule

More information about the Owasp-topten mailing list