[Owasp-topten] [Owasp-leaders] Released: OWASP Top 10 – 2017 Release Candidate

Daniel Harvey daniel.harvey at owasp.org
Mon Apr 10 15:35:03 UTC 2017


Dave,

I have listed some questions about this.  I think it is great that the data
set was made public.


   - Can we have a list of all people involved in analyzing the data and
   producing this release candidate?
   - Did you have a process to analyze that data that is documented and
   reproducible?  If so can you share it?
   - Does having the AspectSecurity logo improperly recommend them as a
   vendor?
   - The way the "What changed from 2013 to 2017?" is written leads me to
   believe there were a lot of opinions.  Were there any checks and balances
   to make sure the opinions do not provide improper benefits to a certain
   organization?


Thanks,
Daniel

On Mon, Apr 10, 2017 at 10:36 AM, Dave Wichers <dave.wichers at owasp.org>
wrote:

> OWASP Leaders!
>
>
>
> The Release Candidate for the OWASP Top 10 – 2017 is now available!
> (Attached)
>
>
>
> *It’s also available for Download here
> <https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf>*
>
>
>
> Please forward to all the developers and development teams you know!! I’d
> love to get feedback from them too, and to start immediately raising
> awareness about what’s changed in this update to the OWASP Top 10. The
> primary change is the addition of two new categories:
>
>
> *2017-A7: Insufficient Attack Protection*
>
> *2017-A10: Underprotected APIs*
>
>
>
> We plan to release the final version of the OWASP Top 10 - 2017 in July
> or Aug. 2017 after a public comment period ending June 30, 2017.
>
>
>
> Constructive comments on this OWASP Top 10 - 2017 Release Candidate should
> be forwarded via email to OWASP-TopTen at lists.owasp.org. Private comments
> may be sent to dave.wichers at owasp.org.  Anonymous comments are welcome.
> All non-private comments will be catalogued and published at the same time
> as the final public release.  Comments recommending changes to the items
> listed in the Top 10 should include a complete suggested list of changes,
> along with a rationale for any changes. All comments should indicate the
> specific relevant page and section.
>
>
>
> Your feedback is critical to the continued success of the OWASP Top 10 Project.
> Thank you all for your dedication to improving the security of the world’s
> software for everyone.
>
>
>
> Thanks, Dave
>
>
>
> OWASP Top 10 Project Lead
>