[Owasp-topten] Registration Required to Download Statistics from WhiteHat and HP/Fortify

Christian Heinrich christian.heinrich at cmlh.id.au
Thu May 23 23:45:08 UTC 2013


Dave,

Can you please have both WhiteHat and HP provide
https://www.whitehatsec.com/resource/stats.html and
http://www.hpenterprisesecurity.com/register/guarding-against-a-data-breach-hp.com
respectively so that I am *not* required to register to download their
statistics to then receive a sales call since the "O" in OWASP stands
for "Open" i.e. transparency and *not* "Open [for business
exploitation]"?

On Wed, May 22, 2013 at 11:45 PM, Dave Wichers <dave.wichers at owasp.org> wrote:
> Each company that provided vulnerability data to the Top 10 2013 has also
> now self-published their data (except Aspect and we will do so soon), and
> links to this self-published data are included in the Acknowledgements
> section on the wiki:
> https://www.owasp.org/index.php/Top_10_2013-Introduction
>
>
>
> -Dave
>
>
>
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin
> Sent: Wednesday, May 22, 2013 7:14 AM
> To: Jerry Hoff
> Cc: OWASP Leaders; OWASP TopTen
> Subject: Re: [Owasp-leaders] OWASP Top 10 Methodology
>
>
>
> Seeing the data used to create the OWASP Top 10 would be useful for many
> reasons.
>
> Devil is in the detail and such data may give rise to other models and
> approaches to app sec.
>
>
>
>
>
> On 3 March 2013 01:45, Jerry Hoff <jerry at owasp.org> wrote:
>
> Hello all,
>
>
>
> This is great - we now have a baseline on how the top 10 methodology.
>
>
>
> I have a question about the raw data used in the Top 10 - is this going to
> be made public as well?
>
>
>
> Ideally, we would have a published, vetted methodology and a repository of
> raw data available to all.  Total transparency - in my opinion this is much
> more empowering to organizations.  In the perfect scenario, organizations
> could then see our methodology, tweak the assumptions and potentially
> companies can come up with their own "top 10".   To me, the most important
> thing is ensuring the methodology and data are available and that they
> accurately reflect reality.
>
>
>
> In my opinion, these are the next steps:
>
> 1. Make the data that fueled the Top 10 - 2013 publicly available
>
> 2. Allow time for review
>
> 3. An open "virtual summit" over webex to hash out glaring problems
>
> 4. Draft a revised methodology
>
> 5. Virtual Summit again (repeat until there is a consensus)
>
> 6. Openly publish the revised methodology
>
> 7. Use this methodology and recommendations to augment the Top 10
>
> 8. Publish Final Document
>
>
>
> These steps are based on conversations I had with Jeff Williams, Michael
> Coates and Jim Manico.
>
>
>
> Does this plan seem reasonable?  Please voice your opinion, OWASP leaders.
>
>
>
> Jerry
>
>
>
> --
> Jerry Hoff
>
> @jerryhoff
> jerry at owasp.org
>
>
>
> On Mar 2, 2013, at 4:15 PM, Michael Coates <michael.coates at owasp.org> wrote:
>
>
>
> Leaders,
>
> The OWASP Top 10 Methodology wiki page (as described in the below email) is
> now live - https://owasp.org/index.php/Top_10_2013/ProjectMethodology
>
> As you'll see in the first line of the wiki - "The goal of this page is to
> provide the baseline of knowledge to begin a thoughtful conversation of
> enhancements and changes to continue growing the OWASP top 10."
>
> Next Steps:
>
> - Have ideas on how we can enhance the methodology? Please add it here
> https://owasp.org/index.php/Top_10_2013/ProjectMethodology#Suggested_Enhancements
>
> - We'll then begin making changes based on these ideas
>
> Overall Goal:
>
> Increase participation, enhance methodology, and continue to grow the
> excellent OWASP top 10 resource
>
> Thanks for everyone's hard work so far on the Top 10 and all the good ideas
> that have been floating around. I'm confident we can all work together as a
> community to make this next top 10 awesome.  I look forward to continuing
> this conversation with everyone.
>
>
>
> --
> Michael Coates | OWASP | @_mwc
> michael-coates.blogspot.com
>
>
>
> On Tue, Feb 26, 2013 at 12:05 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
>
> Leaders & Top 10 Enthusiasts,
>
> Dave and I had a great conversation today about the Top 10 and some of the
> questions that have been posed by many in our owasp community.
>
> We're going to build a wiki page that describes the overall project
> methodology of the owasp top 10, what's currently happening, suggestions for
> improvements, and an FAQ.
>
> The project has continually grown over the various releases and has
> successfully attracted more worldwide attention. As we've grown as an
> organization we've seen many new ways to further open the top 10 and invite
> greater participation.
>
> This methodology wiki page will help clarify the activities to date and
> provide a feedback channel to continue growing.
>
> Please look for this page later this week. It would have been great for me
> to include the completed page with this email, but it will take a day or two
> and I wanted to send this info to the list now.
>
>
>
> Thanks!
>
>
>
> --
> Michael Coates | OWASP | @_mwc
> michael-coates.blogspot.com
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
> --
> Eoin Keary
> OWASP Member
> https://twitter.com/EoinKeary
>
>
>
>
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-topten
>



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact

