[Owasp-topten] Registration Required to Download Statistics from WhiteHat and HP/Fortify

Dave Wichers dave.wichers at owasp.org
Fri May 24 14:00:35 UTC 2013


This is a good idea. I have contacted both vendors to see if we can get
public links to their stats.

-Dave

p.s. Please stop sending emails to the entire leaders list related to
comments/questions on the Top 10. The leaders list already has enough
general email.

-----Original Message-----
From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au] 
Sent: Thursday, May 23, 2013 7:45 PM
To: Dave Wichers
Cc: OWASP Leaders; OWASP TopTen
Subject: Re: Registration Required to Download Statistics from WhiteHat and
HP/Fortify

Dave,

Can you please have both WhiteHat and HP provide
https://www.whitehatsec.com/resource/stats.html and
http://www.hpenterprisesecurity.com/register/guarding-against-a-data-breach-hp.com
respectively so that I am *not* required to register to download their
statistics to then receive a sales call since the "O" in OWASP stands for
"Open" i.e. transparency and *not* "Open [for business exploitation]"?

On Wed, May 22, 2013 at 11:45 PM, Dave Wichers <dave.wichers at owasp.org>
wrote:
> Each company that provided vulnerability data to the Top 10 2013 has 
> also now self-published their data (except Aspect and we will do so 
> soon), and links to this self-published data are included in the 
> Acknowledgements section on the wiki:
> https://www.owasp.org/index.php/Top_10_2013-Introduction
>
>
>
> -Dave
>
>
>
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin
> Sent: Wednesday, May 22, 2013 7:14 AM
> To: Jerry Hoff
>
>
> Cc: OWASP Leaders; OWASP TopTen
> Subject: Re: [Owasp-leaders] OWASP Top 10 Methodology
>
>
>
> Seeing the data used to create the OWASP Top 10 would be useful for 
> many reasons.
>
> Devil is in the detail and such data may give rise to other models and 
> approaches to app sec.
>
>
>
>
>
> On 3 March 2013 01:45, Jerry Hoff <jerry at owasp.org> wrote:
>
> Hello all,
>
>
>
> This is great - we now have a baseline on how the top 10 methodology.
>
>
>
> I have a question about the raw data used in the Top 10 - is this 
> going to be made public as well?
>
>
>
> Ideally, we would have a published, vetted methodology and a 
> repository of raw data available to all.  Total transparency - in my 
> opinion this is much more empowering to organizations.  In the perfect 
> scenario, organizations could then see our methodology, tweak the
> assumptions and potentially companies can come up with their own "top 10".
> To me, the most important
> thing is ensuring the methodology and data are available and that they 
> accurately reflect reality.
>
>
>
> In my opinion, these are the next steps:
>
> 1. Make the data that fueled the Top 10 - 2013 publicly available
>
> 2. Allow time for review
>
> 3. An open "virtual summit" over webex to hash out glaring problems
>
> 4. Draft a revised methodology
>
> 5. Virtual Summit again (repeat until there is a consensus)
>
> 6. Openly publish the revised methodology
>
> 7. Use this methodology and recommendations to augment the Top 10
>
> 8. Publish Final Document
>
>
>
> These steps are based on conversations I had with Jeff Williams, 
> Michael Coates and Jim Manico.
>
>
>
> Does this plan seem reasonable?  Please voice your opinion OWASP leaders.
>
>
>
> Jerry
>
>
>
> --
> Jerry Hoff
>
> @jerryhoff
> jerry at owasp.org
>
>
>
> On Mar 2, 2013, at 4:15 PM, Michael Coates <michael.coates at owasp.org>
> wrote:
>
>
>
> Leaders,
>
> The OWASP Top 10 Methodology wiki page (as described in the below 
> email) is now live - 
> https://owasp.org/index.php/Top_10_2013/ProjectMethodology
>
> As you'll see in the first line of the wiki - "The goal of this page 
> is to provide the baseline of knowledge to begin a thoughtful 
> conversation of enhancements and changes to continue growing the OWASP top
> 10."
>
> Next Steps:
>
> - Have ideas on how we can enhance the methodology? Please add it here 
> https://owasp.org/index.php/Top_10_2013/ProjectMethodology#Suggested_Enhancements
>
> - We'll then begin making changes based on these ideas
>
> Overall Goal:
>
> Increase participation, enhance methodology, and continue to grow the 
> excellent OWASP top 10 resource
>
> Thanks for everyone's hard work so far on the Top 10 and all the good 
> ideas that have been floating around. I'm confident we can all work 
> together as a community to make this next top 10 awesome.  I look 
> forward to continuing this conversation with everyone.
>
>
>
> --
> Michael Coates | OWASP | @_mwc
> michael-coates.blogspot.com
>
>
>
> On Tue, Feb 26, 2013 at 12:05 PM, Michael Coates 
> <michael.coates at owasp.org>
> wrote:
>
> Leaders & Top 10 Enthusiasts,
>
> Dave and I had a great conversation today about the Top 10 and some of 
> the questions that have been posed by many in our owasp community.
>
> We're going to build a wiki page that describes the overall project 
> methodology of the owasp top 10, what's currently happening, 
> suggestions for improvements, and an FAQ.
>
> The project has continually grown over the various releases and has 
> successfully attracted more worldwide attention. As we've grown as an 
> organization we've seen many new ways to further open the top 10 and 
> invite greater participation.
>
> This methodology wiki page will help clarify the activities to date 
> and provide a feedback channel to continue growing.
>
> Please look for this page later this week. It would have been great 
> for me to include the completed page with this email, but it will take 
> a day or two and I wanted to send this info to the list now.
>
>
>
> Thanks!
>
>
>
> --
> Michael Coates | OWASP | @_mwc
> michael-coates.blogspot.com
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
>
>
>
>
>
> --
> Eoin Keary
> OWASP Member
> https://twitter.com/EoinKeary
>
>
>
>
> _______________________________________________
> Owasp-topten mailing list
> Owasp-topten at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-topten
>



--
Regards,
Christian Heinrich

http://cmlh.id.au/contact


