[Owasp-topten] To those complaining about the OWASP top ten changes

Robert A. robert at webappsec.org
Tue Apr 25 17:54:45 UTC 2017


There's been a lot of complaining about the OWASP Top Ten. I usually don't
interject myself; however, I've been in a similar situation.

Before posting about your gripes:
1. Remember that classification is hard. If you have a better system 
to use, propose it. 
2. If you don't have constructive feedback, piss off. These people are
volunteering their time to make things better for the industry. Most
(possibly all?) aren't getting paid.
3. If you see a conflict of interest, please do call it out. Just be sure 
you're right....

Regards,
- Robert A.
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.qasec.com
WASC Co Founder/Threat Classification Project Lead

