WebApp Sec mailing list archives

Re: OWASP Top Ten - dev process

From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Wed, 13 Jul 2005 15:48:38 +0530

On 13/07/05 11:40 +1000, Michael Silk wrote:


But isn't the the _whole point_ of a "Top Ten" is that it quickly and
easily lists the 'visible' problems [i.e not the cause]?

I mean, you could make it a Top 2 otherwise:
1) Bad Programming
2) Bad Design

Top Three:
3> Bad Programmers.

...

It covers everything; easy to interpret and hence fail or pass as you like.

imho an OWASP "Top Ten" shouldn't really cover _my_ development
procedures; only the problems exposed by them.

IMHO, we need a top ten problems and a top ten bad practices list.
That would help a lot more.

Devdas Bhagat

Current thread:

RE: OWASP Top Ten - dev process Evans, Arian (Jul 12)
- Re: OWASP Top Ten - dev process Michael Silk (Jul 13)
  - Re: OWASP Top Ten - dev process Devdas Bhagat (Jul 13)
    - Re: OWASP Top Ten - dev process Andrew van der Stock (Jul 13)
- <Possible follow-ups>
- RE: OWASP Top Ten - dev process Jeff Robertson (Jul 13)
- RE: OWASP Top Ten - dev process Evans, Arian (Jul 13)
- RE: OWASP Top Ten - dev process Evans, Arian (Jul 13)