[Owasp-topten] Comments on OWASP Top 10 RC - 2017 A7
Timothy D. Morgan
tim.morgan at owasp.org
Tue Apr 11 23:12:44 UTC 2017
> The topic seems to be driven by WAF as a solution rather than by the
> underlying problems.

It's a solution looking for a problem, rather than a distinct development issue
that programmers should become aware of. We're not educating developers about
security by prescribing a band-aid cure-all like a WAF.

This is not how you security.

> My suggestion would be to either break this topic up into a few different
> issues or rename the topic to Integrate a WAF into your application.

Sure, then we can also publish a new top 10 list:
"Top 10 Most Common Vulnerabilities in Security Products"
It'll look a lot like the Top 10 list from 2003, since that's the decade most
security product vendors are still living in. (Just ask @taviso.)