[Owasp-topten] [Owasp-leaders] OWASP Top 10 Methodology

Christian Heinrich christian.heinrich at cmlh.id.au
Wed May 22 00:07:59 UTC 2013


On Wed, Mar 6, 2013 at 7:30 AM, Neil Smithline <neil.smithline at owasp.org> wrote:
> That said, I think that any attempt at writing by consensus is doomed for
> failure. My recollection is that the 2007 T10 was released much earlier in
> the process than the 2010 and 2013. Despite there being only a dozen or so
> people consistently partaking in the email discussions about the 2007 T10,
> the process turned out to be very cumbersome. Only through Dave's willpower
> did it make it out the door.
> Despite my being totally surprised at the 2010 T10 arriving much later in
> the process than the 2007 did, I thought the process was much better and
> produced a better document. Sure I felt excluded that I wasn't involved
> earlier in the writing process. But from the 2007 T10 I knew the high price
> of that early involvement and was happy to avoid paying it.

I read the entire mail archive of owasp-topten at lists.owasp.org when I
contributed to the OWASP Top Ten 2010 release i.e.
and could not locate the thread(s) that you are referring to which
are related to the 2007 release.

I am also aware of
which would support this version of events (as per the thread(s)
related to the 2007 release on the owasp-topten at lists.owasp.org) also.

The only other supporting evidence would be that this discussion
occurred within Aspect Security internally, is that the case and if so
could you publish this correspondence?

Christian Heinrich

