Is the OWASP Top 10 Data Collection Open


Why

The OWASP Top 10 is one of the most important and widely recognised OWASP projects. OWASP’s reputation and value to the AppSec community depend greatly on the ‘O’ part of OWASP (Open).

The current RC version of the OWASP Top 10 2017 has generated some debate about the openness of the process used, and the potential conflicts of interest for the authors. However, the authors have claimed that this was the most Open process so far.

This Working Session presents an opportunity to clarify this situation, and for evidence to be presented and discussed on both sides of the argument.

See Behind the OWASP Top 10 2017 RC1 for good points on the need to be independent and open.

Potential Risks

What

  • Agree upon definition of ‘Openness’
  • Provide evidence on lack of Openness
  • Provide evidence on Openness
  • Review evidence provided
  • Reach a conclusion

Outcomes

  • Framework to apply to the current and future process for the Top 10
  • Framework suggestions for other similarly created documentation processes

Who

The target audience for this Working Session is:

  • Security professionals
  • OWASP community

References:


Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions).

Content

… Add content …


