Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 14 Nov 2016 09:42:23 -0500
From: Chaim Sanders <>
Subject: OWASP Core Rule Set v3.0.0 (final) Released.

Happy Monday fellow Open Source Security aficionados,

I am pleased to share with you the release of the OWASP Core Rule Set (CRS)
Version 3.0.0 (stable). For those who are unaware, the OWASP CRS is a set
of generic rules designed to protect users against threats to web
applications. The rule set is most often deployed in conjunction with an
existing Web Application Firewall like ModSecurity

This latest version features many changes that help make CRS a valuable
part of a Defense in Depth strategy for protecting you web application.
Some of these include:

·  Improved and More Precise Detection Coverage

·  Reduced False Positives and the Introduction of Paranoia Levels

·  Anomaly Scoring Mode by Default

·  Simplified User Experience

·  New Remote Code Execution Rules

·  Improved Layout, Documentation, and Testing

With this new release we are seeing on the order of 90-95% fewer false
positives in production environments. This is a large improvement that
should make CRS more accessible to the masses and we hope you all find it
useful as well. We are always looking for feedback, feel free to test and
report any issues to us.

To download a copy or to submit any issue, please visit our Github
<> (
If you are seeking additional information about the release, please check
out this accompanying blog post <>. The OWASP CRS team
is truly excited and pleased with this release, there are even rumors this
new rule set is being made into a movie <>

Chaim Sanders, on behalf of the Core Rules Set development team.

Chaim Sanders

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.