Paper title

Is the OWASP Top 10 list comprehensive enough for writing secure code?

Paper authors

Sane, Parth

Abstract

The OWASP Top 10 is a list published by the Open Web Application Security Project (OWASP). Its general purpose is to serve as a watchlist of bugs to avoid while writing code. This paper compares how many of the weaknesses described in the Top 10 list are actually reported in the vulnerabilities listed in the National Vulnerability Database (NVD). That makes it possible to show empirically whether or not the OWASP Top 10 list is comprehensive enough for the code weaknesses that have been found in the past decade.
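The comparison the abstract describes amounts to taking the CWE identifiers attached to each reported vulnerability and checking which of them fall under a Top 10 category. The script below is an added illustration of that measurement, not the paper's own code or data: the records are constructed in the (simplified) shape of NVD entries, the CWE-to-category mapping is an assumed illustrative subset of the OWASP Top 10 (2021) mappings, and the `coverage` function is hypothetical. Entries whose only classification is `NVD-CWE-noinfo` or `NVD-CWE-Other` are excluded from the denominator, which is the kind of choice a replication has to make explicit.

```python
"""Toy version of the abstract's comparison: what share of reported
vulnerabilities carry at least one CWE that the OWASP Top 10 maps to.
Added example; records are constructed, the mapping is an assumed subset."""
from collections import Counter

# Assumed illustrative subset of the OWASP Top 10 (2021) CWE mappings.
OWASP_TOP10_CWES = {
    "CWE-79": "A03:2021 Injection",
    "CWE-89": "A03:2021 Injection",
    "CWE-78": "A03:2021 Injection",
    "CWE-22": "A01:2021 Broken Access Control",
    "CWE-284": "A01:2021 Broken Access Control",
    "CWE-287": "A07:2021 Identification and Authentication Failures",
    "CWE-502": "A08:2021 Software and Data Integrity Failures",
    "CWE-327": "A02:2021 Cryptographic Failures",
}

# Constructed records (placeholder IDs) in a simplified NVD-like shape.
SAMPLE_RECORDS = [
    {"id": "CVE-XXXX-0001", "cwes": ["CWE-79"]},              # XSS
    {"id": "CVE-XXXX-0002", "cwes": ["CWE-787"]},             # out-of-bounds write
    {"id": "CVE-XXXX-0003", "cwes": ["CWE-89", "CWE-20"]},    # SQLi + input validation
    {"id": "CVE-XXXX-0004", "cwes": ["CWE-416"]},             # use after free
    {"id": "CVE-XXXX-0005", "cwes": ["NVD-CWE-noinfo"]},      # not classified by NVD
    {"id": "CVE-XXXX-0006", "cwes": ["CWE-502"]},             # unsafe deserialization
]


def coverage(records, mapping):
    """Return how many classifiable records hit a Top 10 category,
    which categories were hit, and which CWEs fell outside the list."""
    classified = 0          # records with at least one real CWE-N id
    covered = 0             # records with at least one CWE in the mapping
    by_category = Counter() # Top 10 categories hit (one count per record)
    uncovered = Counter()   # CWEs of records the list does not cover
    for rec in records:
        cwes = [c for c in rec["cwes"] if c.startswith("CWE-")]
        if not cwes:
            continue  # NVD-CWE-noinfo / NVD-CWE-Other: excluded from denominator
        classified += 1
        hits = {mapping[c] for c in cwes if c in mapping}
        if hits:
            covered += 1
            for cat in hits:
                by_category[cat] += 1
        else:
            uncovered.update(cwes)
    return {
        "classified": classified,
        "covered": covered,
        "ratio": covered / classified if classified else 0.0,
        "by_category": by_category,
        "uncovered": uncovered,
    }


if __name__ == "__main__":
    result = coverage(SAMPLE_RECORDS, OWASP_TOP10_CWES)
    print(f"{result['covered']}/{result['classified']} classifiable records "
          f"({result['ratio']:.0%}) map to a Top 10 category")
    for cat, n in result["by_category"].most_common():
        print(f"  {n}  {cat}")
    print("CWEs outside the list:", dict(result["uncovered"]))
```

On real data the interesting output is the `uncovered` counter: it lists the weakness types that appear in the database but have no Top 10 home, which is exactly the evidence the abstract says the paper gathers.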
