Permalink
Fetching contributors…
Cannot retrieve contributors at this time
71 lines (50 sloc) 2.59 KB
layout title type track technology related-to status when-day when-time location room-layout organizers participants outcomes
blocks/working-session
Is the Owasp Top 10 Data Collection Open
workshop
Owasp Top 10 2017
out
u-layout
Dave Wichers
Tiffany Long
mapped

Why

OWASP Top 10 is one of the most important and widely recognised OWASP projects. OWASP's reputation and value to the AppSec community depends greatly on the 'O' part of OWASP (Open).

The current RC version of the OWASP Top 10 2017 has generated some debate about the openness of the process used, and the potential conflicts of interest for the authors. However, the authors have claimed that this was the most Open process so far.

This Working Session presents an opportunity to clarify this situation, and for evidence to be presented and discussed on both sides of the argument.

See Behind the The OWASP Top 10 2017 RC1 for good points on the need to be independent and open.

Potential Risks{:style="width:345px"}

What

  • Agree upon definition of 'Openness'
  • Provide evidence on lack of Openness
  • Provide evidence on Openness
  • Review evidence provided
  • Reach a conclusion

Outcomes

  • Framework to apply to the current and future process for the Top 10
  • Framework suggestions for other simularly created documentation processes

Who

The target audience for this Working Session is:

  • Security professionals
  • OWASP community

References:


Working materials

Here are the current 'work in progress' materials for this session (please add as much information as possible before the sessions)

Content

... Add content ...