WebApp Sec mailing list archives
Re: OWASP Top Ten - dev process
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Wed, 13 Jul 2005 15:48:38 +0530
On 13/07/05 11:40 +1000, Michael Silk wrote:
But isn't the the _whole point_ of a "Top Ten" is that it quickly and easily lists the 'visible' problems [i.e not the cause]? I mean, you could make it a Top 2 otherwise: 1) Bad Programming 2) Bad Design
Top Three: 3> Bad Programmers.
... It covers everything; easy to interpret and hence fail or pass as you like. imho an OWASP "Top Ten" shouldn't really cover _my_ development procedures; only the problems exposed by them.
IMHO, we need a top ten problems and a top ten bad practices list. That would help a lot more. Devdas Bhagat
Current thread:
- RE: OWASP Top Ten - dev process Evans, Arian (Jul 12)
- Re: OWASP Top Ten - dev process Michael Silk (Jul 13)
- Re: OWASP Top Ten - dev process Devdas Bhagat (Jul 13)
- Re: OWASP Top Ten - dev process Andrew van der Stock (Jul 13)
- Re: OWASP Top Ten - dev process Devdas Bhagat (Jul 13)
- <Possible follow-ups>
- RE: OWASP Top Ten - dev process Jeff Robertson (Jul 13)
- RE: OWASP Top Ten - dev process Evans, Arian (Jul 13)
- RE: OWASP Top Ten - dev process Evans, Arian (Jul 13)
- Re: OWASP Top Ten - dev process Michael Silk (Jul 13)