In September, MITRE talked on a mailing list about statistical proof that apps still suck. In fact, web apps suck much more than any other form of vulnerability.
MITRE was surprised that their data set was so popular, and cleaned it up and released it.
http://cwe.mitre.org/documents/vuln-trends.html
These will form the basis of the OWASP Top 10 2007, and as I’m also working on the SANS Top 20 2006, that list will contain some or all of this detail, with some luck.