[Owasp-topten] Who Are the Initial Six Sampled?

Christian Heinrich christian.heinrich at cmlh.id.au
Sat May 25 09:39:40 UTC 2013


Is there a reason why the Release Candidate was *not* reissued due to the
inclusion of the statistics from Trustwave and Minded Security since
this would have expanded the sample by a factor of a third then?

Is there an artifact dated between 28 January and 14 February
that indicates that you at least took more than a cursory look at the
statistics from Trustwave and Minded Security since
appears that these statistics were added to the list without any

Also what was the outcome of the
did RandomStorm decide not to provide their statistics in the end?

On Fri, May 24, 2013 at 11:58 PM, Dave Wichers <dave.wichers at owasp.org> wrote:
> That is correct.
> -----Original Message-----
> From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au]
> Sent: Friday, May 24, 2013 12:42 AM
> To: Dave Wichers
> Cc: owasp-topten at lists.owasp.org
> Subject: Who Are the Initial Six Sampled?
> Dave,
> On Tue, Jan 29, 2013 at 7:58 AM, Dave Wichers <dave.wichers at owasp.org>
> wrote:
>> So, I expanded from 4 sources of input to 7, but one of those dropped
>> out (MITRE as they said they wouldn't have good stats to provide) so
>> then it was 6. And HP is really two of the providers as they provided
>> WebInspect results, and separately Fortify results. So results for two
>> very different tools, but only 1 vendor.
> From sampling https://www.owasp.org/index.php/Top_10_2010-Introduction
> and based on the statement above from
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000828.html
> I will assume that on 29 Jan the six sources chosen were:
> 1. Aspect
> 2. HP (Fortify) i.e.
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000828.html
> 3. HP (WebInspect) i.e.
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000828.html
> 4. Softtek i.e. https://www.owasp.org/index.php/Top_10_2010-Introduction
> 5. Veracode i.e.
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000813.html
> 6. Whitehat i.e.
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000813.html
> Can you please let me know if this is correct or where I am wrong?
> --
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact

Christian Heinrich

