Skip to content

OWASP Operational Technology (OT) Top 10

WIP: What's next?

What's next and where to start?

give some concrete hints what would be good intial steps for different roles

As a Builder

As an Operator

As a Security Professional

For this project

convert all current items from bullet-point lists to text-form
fix the list behavior (e.g., 4 spaces are needed for new sublist items)
move 'existing lists/top-11 items' to 'related OWASP projects' (and rename this into 'related projects')

Template-specific

remove the 'how to test' section and add it to an appendix document?
rename the 'design/implementation' and 'operational' sections to something more role-specific?
unify the 'references' section? remove the subsections and just add a list with items and their respective descriptions?

Conceptional problems

high- vs low-level vulnerabilities? Maybe split out into a separate list (alternative: separate list for vendors/integrators and operators)