[Owasp-topten] [Owasp-bayarea] Top Ten 2016 (time for a refresh)
dave.wichers at owasp.org
Thu Feb 4 18:45:46 UTC 2016
Each Top 10 item refers to the relevant CVEs, if that's what you mean. I
definitely plan to reference Dependency Check in the new Top 10.
Not sure how bug bounty programs would relate to the Top 10...
On Wed, Feb 3, 2016 at 10:34 AM, Blake <blake at electronicrealm.com> wrote:
> Thank you Dave.
> Have we incorporated CVE’s in the past? Not necessarily under the general
> category " A9 - Using Components with Known Vulnerabilities
> <https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities> “
> but make it more specific as to the type of vulns found in them. (Jeremy
> Long's Dependency Check tool comes to mind.)
> Also, I’m hoping we can rope in the bug bounty folks / companies. Jason
> Haddix, a great supporter of OWASP, may give us some guidance.
> Furthermore, I’ve worked with a few companies that have internal BB that
> may help out.
> -Blake Turrentine
> From: <owasp-bayarea-bounces at lists.owasp.org> on behalf of Dave Wichers <
> dave.wichers at owasp.org>
> Date: Wednesday, February 3, 2016 at 6:44 AM
> To: docs <blake at hotwan.com>
> Cc: <Owasp-bayarea at lists.owasp.org>, 박형근 <mirrk1 at gmail.com>, OWASP TopTen
> <Owasp-topten at lists.owasp.org>
> Subject: Re: [Owasp-bayarea] [Owasp-topten] Top Ten 2016 (time for a
> I need to issue a data call. I plan to do that by end of February and make
> it public, whereas previously I simply asked for specific organizations to
> contribute. I'm going to provide a template of what the input needs to look
> like and then anyone who wants to can contribute their data.
> We'll then have to sort through it all and decide what the next Top 10
> items are going to be based on this input and other trends we are seeing in
> At that point, it would be good to discuss your ideas around including
> other material like you suggest.
> On Tue, Feb 2, 2016 at 12:02 AM, Blake <blake at hotwan.com> wrote:
>> Awesome for the help!
>> 박형근, I am trying to see what’s been done so far -if anything for
>> updating Top 10 for 2016.
>> Trying to reach out to Dave Wichers, the former project lead of OWASP Top
>> 10 - 2013, to see what's going on.
>> I have some ideas on representing Web Services and APIs (OAuth, etc) a
>> little better in the mix as well as augmenting vulnerability prevalence
>> data to support the new rankings.
>> -Blake Turrentine
>> From: 박형근 <mirrk1 at gmail.com>
>> Date: Monday, February 1, 2016 at 8:06 PM
>> To: docs <blake at hotwan.com>
>> Subject: Re: [Owasp-topten] Top Ten 2016
>> Hello, Blake.
>> Are you in the development of Top Ten 2016?
>> What is the time frame?
>> I will support you with Korean security experts.
>> Thanks a lot.
>> Best regards.
>> 2016-02-02 3:44 GMT+09:00 Blake <blake at hotwan.com>:
>>> Checking in to see where we are at with the development of Top Ten 2016.
>>> Looking to help out.
>>> Blake Turrentine
>>> Owasp-topten mailing list
>>> Owasp-topten at lists.owasp.org
>> Park, Hyungkeun, CGEIT, CISSP, CISA, IBM Security Technical Leader, SWG,
>> IBM Korea.
>> TEL. 82-2-3781-7963, FAX. 82-31-213-8283, HP 010-4995-7963, E-mail :
>> phk at kr.ibm.com
>> Office Address : 16th Fl., Military Mutual Aid Association Bldg 467-12,
>> Dogok-dong, Gangnam-gu, Seoul, Korea (Zip Code : 135-270)
>> Twitter: http://twitter.com/securityinsight
>> Facebook: http://www.facebook.com/hyungkeun.park
>> Web Site: http://www.securityplus.or.kr
> _______________________________________________
> Owasp-bayarea mailing list
> Owasp-bayarea at lists.owasp.org