When will Cloudflare update the OWASP Core Ruleset? I think there is a newer version of these rules?
These are the new 2017 rules - https://www.owasp.org/index.php/Top_10-2017_Top_10
I’m interested in that, too.
Searching for OWASP 2017 in the Cloudflare channels, this was the only mention I found:
At Cloudflare, we use three key indicators to understand the severity of a vulnerability 1) how many customers on Cloudflare are running the affected software 2) the Common Vulnerability Scoring System (CVSS) score, and 3) the OWASP Top 10, an open-source security framework.
We assess this vulnerability to be very significant as it has a CVSS score of 9.8/10 and affects 7 out of the 10 key risk areas of the OWASP 2017 Top 10.
I asked them via ticket about 1 year ago, and the support executive at that time told me that they had implemented it months ago. But now they themselves are showing that they are using the 2013 version. It's been about two years since the new ruleset, and they are still using the old rulesets.