Listede benim dikkatimi çeken nokta, "insecure cryptographic storage" bölümünde md5 ve sha1'in zayıf algoritmalar olarak tanımlanmış olması.
İlgili cümle tam olarak şöyle; " Do not use weak algorithms, such as md5, sha1 "
Mail listesinden gelen orjinal metin;
OWASP is pleased to announce the immediate availability of the OWASP Top 10
2007 release candidate 1. You can download it in Word and PDF form here:
The public comments phase opens today and will continue until February 28,
2007 for all and sundry. We have collected some feedback already, which will
be incorporated into RC2 - such as:
* CWE links to particular weaknesses for every section
* Links to Suhosin and HardenedPHP for one of the sections
If you have any feedback or changes, please either join the OWASP Top 10
mail list, or mail me offline if you cannot work publicly.
Andrew van der Stock
Executive Director, OWASP