[Owasp-topten] [Owasp-leaders] On "Insufficient Attack Protection", and the role of OWASP...

Eoin Keary eoin.keary at owasp.org
Wed Apr 12 11:42:58 UTC 2017


As a contributing company to the Top10 stats, I'd like to understand the stats behind both new additions. Appreciated if someone can point me to the right files/stats model?





> On 12 Apr 2017, at 05:19, Azzeddine Ramrami <azzeddine.ramrami at owasp.org> wrote:
> 
> Hi,
> 
> I agree to change the name from "Insufficient Attack Protection" but not to "Improper Trust Modeling".
> 
> I suggest changing it to "Insufficient Attack Detection and Response".
> 
> Regards,
> Azzeddine
> 
>> On Wed, Apr 12, 2017 at 7:24 AM, Norman Yue <norman.yue at owasp.org> wrote:
>> Hey folks,
>> 
>> Greetings from sunny Sydney - I hope this email finds you well. I apologise for spamming owasp-leaders with this, but I think this is important enough that this warrants the attention of the international leadership community.
>> 
>> Traditionally, we have been a trusted source of information with regards to web application information security, providing both tools and technical reference information to developers and application security professionals, to help secure the Internet for everyone.
>> 
>> Today, "Insufficient Attack Protection" is actually being considered for inclusion in an OWASP Top Ten list.
>> 
>> (Constructively, I think this should be replaced with something like "improper trust modelling", and we push the Google BeyondCorp line of thinking https://research.google.com/pubs/pub43231.html - the polar opposite to "buy a waf").
>> 
>> Words do not express my burning rage, and my disappointment that no-one else appears to feel the same way (I read through the owasp-topten list before posting this). Do people still care about the future of this community, and how OWASP is perceived throughout the information security industry?
>> 
>> With best regards,
>> 
>> 
>> Norm
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
> 
> 
> 
> -- 
> Azzeddine RAMRAMI
> +33 6 65 48 90 04.
> OWASP CSRFGuard Project Leader
> OWASP Leader (Morocco Chapter)
> Cognitive Security Expert