[Owasp-topten] [Owasp-bayarea] Top Ten 2016 (time for a refresh)

Dave Wichers dave.wichers at owasp.org
Thu Feb 4 18:45:46 UTC 2016


Each Top 10 item refers to the relevant CVEs if that's what you mean. I
definitely plan to reference Dependency Check in the new Top 10.

Not sure how bug bounty programs would relate to the Top 10...

-Dave

On Wed, Feb 3, 2016 at 10:34 AM, Blake <blake at electronicrealm.com> wrote:

> Thank you Dave.
>
> Have we incorporated CVEs in the past?  Not necessarily under the general
> category " A9 - Using Components with Known Vulnerabilities
> <https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities> "
> but make it more specific as to the type of vulns found in them. (Jeremy
> Long's Dependency Check tool comes to mind.)
>
> Also, I’m hoping we can rope in the bug bounty folks / companies.  Jason
> Haddix, a great supporter of OWASP, may give us some guidance.
>
> Furthermore, I’ve worked with a few companies that have internal BB that
> may help out.
>
> -Blake Turrentine
> HotWAN
>
> From: <owasp-bayarea-bounces at lists.owasp.org> on behalf of Dave Wichers <
> dave.wichers at owasp.org>
> Date: Wednesday, February 3, 2016 at 6:44 AM
> To: docs <blake at hotwan.com>
> Cc: <Owasp-bayarea at lists.owasp.org>, 박형근 <mirrk1 at gmail.com>, OWASP TopTen
> <Owasp-topten at lists.owasp.org>
> Subject: Re: [Owasp-bayarea] [Owasp-topten] Top Ten 2016 (time for a
> refresh)
>
> I need to issue a data call. I plan to do that by end of February and make
> it public, whereas previously I simply asked for specific organizations to
> contribute. I'm going to provide a template of what the input needs to look
> like and then anyone who wants to can contribute their data.
>
> We'll then have to sort through it all and decide what the next Top 10
> items are going to be based on this input and other trends we are seeing in
> industry.
>
> At that point, it would be good to discuss your ideas around including
> other material like you suggest.
>
> -Dave
>
> On Tue, Feb 2, 2016 at 12:02 AM, Blake <blake at hotwan.com> wrote:
>
>> Awesome for the help!
>>
>> 박형근, I am trying to see what's been done so far, if anything, for
>> updating Top 10 for 2016.
>>
>> Trying to reach out to Dave Wichers, the former project lead of OWASP Top
>> 10 - 2013 to see what's going on.
>>
>> I have some ideas on representing Web Services and APIs (OAuth, etc) a
>> little better in the mix as well as augmenting vulnerability prevalence
>> data to support the new rankings.
>>
>> -Blake Turrentine
>>
>> From: 박형근 <mirrk1 at gmail.com>
>> Date: Monday, February 1, 2016 at 8:06 PM
>> To: docs <blake at hotwan.com>
>> Subject: Re: [Owasp-topten] Top Ten 2016
>>
>> Hello, Blake.
>>
>> Are you in the development of Top Ten 2016?
>> What is the time frame?
>>
>> I will support you with Korean security experts.
>>
>> Thanks a lot.
>> Best regards.
>>
>> 2016-02-02 3:44 GMT+09:00 Blake <blake at hotwan.com>:
>>
>>> Hi,
>>>
>>> Checking in to see where we are at with the development of Top Ten 2016.
>>>
>>> Looking to help out.
>>>
>>> Cheers,
>>>
>>> Blake Turrentine
>>>
>>> _______________________________________________
>>> Owasp-topten mailing list
>>> Owasp-topten at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-topten
>>>
>>>
>>
>>
>> --
>> Park, Hyungkeun, CGEIT, CISSP, CISA, IBM Security Technical Leader, SWG,
>> IBM Korea.
>> TEL. 82-2-3781-7963, FAX. 82-31-213-8283, HP 010-4995-7963, E-mail:
>> phk at kr.ibm.com
>> Office Address: 16th Fl., Military Mutual Aid Association Bldg 467-12,
>> Dogok-dong, Gangnam-gu, Seoul, Korea (Zip Code: 135-270)
>> Twitter: http://twitter.com/securityinsight
>> Facebook: http://www.facebook.com/hyungkeun.park
>> Web Site: http://www.securityplus.or.kr
>>
>>
> _______________________________________________
> Owasp-bayarea mailing list
> Owasp-bayarea at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bayarea
>