[SC-L] Metrics
Steven M. Christey
coley at linus.mitre.org
Fri Feb 5 10:59:34 EST 2010
On Fri, 5 Feb 2010, McGovern, James F. (eBusiness) wrote:
> One of the general patterns I noted while providing feedback to the
> OWASP Top Ten listserv is that top ten lists do sort differently. Within
> an enterprise setting, it is typical for enterprise applications to be
> built on Java, .NET or other compiled languages whereas if I were doing
> an Internet startup I may leverage more scripting approaches. So, if
> different demographics have different behaviors what would a converged
> list or even a separate list tell us?
A converged list is useful for general recommendations to people who
haven't made their own custom lists. The 2010 Top 25, due to be released
Feb 16, also considers alternate "Focus Profiles" with different
prioritizations to serve different use cases and get people thinking about
how to do their own prioritization.
The general list, meanwhile, captures what patterns may exist across all
participants - i.e., what everyone is most worried about.
- Steve