On Fri, 5 Feb 2010, McGovern, James F. (eBusiness) wrote:
> One of the general patterns I noted while providing feedback to the OWASP Top Ten listserv is that top ten lists do sort differently. Within an enterprise setting, it is typical for enterprise applications to be built on Java, .NET or other compiled languages, whereas if I were doing an Internet startup, I may leverage more scripting approaches. So, if different demographics have different behaviors, what would a converged list or even a separate list tell us?
A converged list is useful for general recommendations to people who haven't made their own custom lists. The 2010 Top 25, due to be released Feb 16, also considers alternate "Focus Profiles" with different prioritizations to serve different use cases and get people thinking about how to do their own prioritization.
The general list, meanwhile, captures what patterns may exist across all participants - i.e., what everyone is most worried about.
- Steve
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________