[Owasp-topten] Who Are the Initial Six Sampled?

Christian Heinrich christian.heinrich at cmlh.id.au
Sat May 25 09:39:40 UTC 2013


Dave,

Is there a reason why the Release Candidate was *not* reissued due to the
inclusion of the statistics from Trustwave and Minded Security, since
this would have expanded the sample by a factor of a third then?

Is there an artifact dated between 28 January and 14 February
that indicates that you at least took more than a cursory look at the
statistics from Trustwave and Minded Security, since
https://www.owasp.org/index.php?title=Top_10_2013-Introduction&action=history
makes it appear that these statistics were added to the list without any
consideration?

Also, what was the outcome of
http://lists.owasp.org/pipermail/owasp-topten/2013-January/000816.html?
Did RandomStorm decide not to provide their statistics in the end?

On Fri, May 24, 2013 at 11:58 PM, Dave Wichers <dave.wichers at owasp.org> wrote:
> That is correct.
>
> -----Original Message-----
> From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au]
> Sent: Friday, May 24, 2013 12:42 AM
> To: Dave Wichers
> Cc: owasp-topten at lists.owasp.org
> Subject: Who Are the Initial Six Sampled?
>
> Dave,
>
> On Tue, Jan 29, 2013 at 7:58 AM, Dave Wichers <dave.wichers at owasp.org>
> wrote:
>> So, I expanded from 4 sources of input to 7, but one of those dropped
>> out (MITRE as they said they wouldn't have good stats to provide) so
>> then it was 6. And HP is really two of the providers as they provided
>> WebInspect results, and separately Fortify results. So results for two
>> very different tools, but only 1 vendor.
>
> From sampling https://www.owasp.org/index.php/Top_10_2010-Introduction
> and based on the statement above from
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000828.html
> I will assume that on 29 Jan that the six sources chosen were:
>
> 1. Aspect
> 2. HP (Fortify) i.e.
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000828.html
> 3. HP (WebInspect) i.e.
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000828.html
> 4. Softtek i.e. https://www.owasp.org/index.php/Top_10_2010-Introduction
> 5. Veracode i.e.
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000813.html
> 6. Whitehat i.e.
> http://lists.owasp.org/pipermail/owasp-topten/2013-January/000813.html
>
> Can you please let me know if this is correct or where I am wrong?
>
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
>



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact

