Secure Coding mailing list archives
Metrics
From: coley at linus.mitre.org (Steven M. Christey)
Date: Fri, 5 Feb 2010 10:59:34 -0500 (EST)
On Fri, 5 Feb 2010, McGovern, James F. (eBusiness) wrote:
One of the general patterns I noted while providing feedback to the OWASP Top Ten listserv is that top ten lists do sort differently. Within an enterprise setting, it is typical for enterprise applications to be built on Java, .NET or other compiled languages where as if I were doing an Internet startup I may leverage more scripting approaches. So, if different demographics have different behaviors what would a converged list or even a separate list tell us?
A converged list is useful for general recommendations to people who haven't made their own custom lists. The 2010 Top 25, due to be released Feb 16, also considers alternate "Focus Profiles" with different prioritizations to serve different use cases and get people thinking about how to do their own prioritization. The general list, meanwhile, captures what patterns may exist across all participants - i.e., what everyone is most worried about. - Steve
Current thread:
- BSIMM update (informIT), (continued)
- BSIMM update (informIT) Steven M. Christey (Feb 02)
- BSIMM update (informIT) Gary McGraw (Feb 03)
- BSIMM update (informIT) Mike Boberski (Feb 03)
- BSIMM update (informIT) Steven M. Christey (Feb 03)
- BSIMM update (informIT) Jim Manico (Feb 04)
- BSIMM update (informIT) Steven M. Christey (Feb 04)
- BSIMM update (informIT) Gary McGraw (Feb 04)
- Thread is dead -- Re: BSIMM update (informIT) Kenneth Van Wyk (Feb 04)
- Message not available
- Message not available
- BSIMM update (informIT) Steven M. Christey (Feb 04)
- BSIMM update (informIT) Steven M. Christey (Feb 02)
- Metrics McGovern, James F. (eBusiness) (Feb 05)
- Metrics Steven M. Christey (Feb 05)
- Metrics Arian J. Evans (Feb 05)
- BSIMM update (informIT) Steven M. Christey (Feb 02)
- BSIMM update (informIT) Mike Boberski (Feb 02)
- BSIMM update (informIT) Gary McGraw (Feb 03)