[Owasp-topten] 2013 A7 - Access Control

Vaibhav Pradhan vaibhav.pradhan at gmail.com
Fri Feb 15 21:10:27 UTC 2013


Agreed!

On Fri, Feb 15, 2013 at 4:05 PM, Abbas Naderi <abbas.naderi at owasp.org> wrote:

> Well at least we can count it as a security flaw, then propose solutions.
> There are a lot of similar scenarios in security, we have to first
> acknowledge them.
> -Abbas
> On 28 Bahman 1391, at 0:30, "Dennis Groves" <dennis.groves at owasp.org> wrote:
>
> > On 15 Feb 2013, at 20:55, Abbas Naderi wrote:
> >
> >> Agree with this one, how about changing the title to "Using outdated
> >> third-party software"?
> >
> > Many companies are required to use outdated third party software. Either
> > because they outsource that part of their application or network; or
> > because the company doesn't feel the financial investment is worth it.
> > After all most of the time it is like fixing the sink in the kitchen -
> > before you know it the sink has become a kitchen remodel that cost 100
> > times as much.
> >
> > The real question is how do we advise those companies to mitigate or
> > minimise the risks when they must use such software.
> >
> > Dennis
> >
> > --
> > [Dennis Groves](http://about.me/dennis.groves), MSc
> > [Email me](mailto:dennis.groves at owasp.org) or [schedule a meeting](http://goo.gl/8sPIy).
> >
> > *This email is licensed under a [CC BY-ND 3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*
> >
> > **Please do not send me Microsoft Office/Apple iWork documents.**
> > Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
> > Stand up for your freedom to install [free software](http://www.fsf.org/campaigns/secure-boot/statement).
> >
> >> The idea that some lives matter less is the root of all that’s wrong
> >> with the world. -- Paul Farmer