Is the OWASP Top 10 Data Collection Open
OWASP Top 10 2017
OWASP Top 10 is one of the most important and widely recognised OWASP projects. OWASP's reputation and value to the AppSec community depend greatly on the 'O' part of OWASP (Open).
The current RC version of the OWASP Top 10 2017 has generated some debate about the openness of the process used, and the potential conflicts of interest for the authors. However, the authors have claimed that this was the most Open process so far.
This Working Session presents an opportunity to clarify this situation, and for evidence to be presented and discussed on both sides of the argument.
See Behind the The OWASP Top 10 2017 RC1 for good points on the need to be independent and open.
- Agree upon definition of 'Openness'
- Provide evidence on lack of Openness
- Provide evidence on Openness
- Review evidence provided
- Reach a conclusion
- Framework to apply to the current and future process for the Top 10
- Framework suggestions for other similarly created documentation processes
The target audience for this Working Session is:
- Security professionals
- OWASP community
- "Owasp top 10 2017 RC - Comments, observations and ideas" Slideshare presentation (see screenshots of Jeff's response)
- The OWASP Top 10 — Response to the controversy from Jeff Williams
- Behind the The OWASP Top 10 2017 RC1
Here are the current 'work in progress' materials for this session (please add as much information as possible before the sessions)
... Add content ...