Anyone whose security program is to only address the @OWASP Top Ten will have •massive• security gaps no matter what we put in it. And no one is suggesting that devs should skip logging. This is called a “straw man argument” and is a form of manipulation. #booo
Replying to @manicode @owasp
Easy enough to fix. I present to you the OWASP Top One: 1. All the vulns in the universe — past, present, and future. Protect against that and don’t let me down.

Mar 31, 2021 · 9:31 PM UTC

To steal from Dan Geer (I was recently reminded of this quote) - "my own definition of security: The absence of unmitigatable surprise."
I’m not saying to protect against all the vulns in the universe, @asteingruebl and @bilcorry but I am saying we can do much better than just a top 10 awareness list. 🤷‍♂️
Replying to @bilcorry
How about the ASVS from @owasp, a more reasonable set of requirements for secure development?