Skip to content

Add OWASP Top 10 for Quantum Security entries (QS01-QS10)#3

Merged
jsotiro merged 2 commits into
mainfrom
Top10
Jul 14, 2026
Merged

Add OWASP Top 10 for Quantum Security entries (QS01-QS10)#3
jsotiro merged 2 commits into
mainfrom
Top10

Conversation

@jsotiro

@jsotiro jsotiro commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Adds ten markup entries under quantum-top-10/, one per risk (QS01–QS10), each built from _template.md using the source draft OWASP_Top10_Quantum_Security_v0.2.md.

Structure

Each entry follows _template.md: Vulnerability Name → Description → Common Examples of Vulnerability → How to Prevent → Example Attack Scenarios → Reference Links, plus a Standards and Regulatory Mapping section carried over from the source (marked with a > **TODO:** flag since it is not part of the template).

References

All reference URLs were verified against authoritative canonical sources (NIST, NCSC, EU roadmap/EUR-Lex, NSA, CISA, IETF, and academic DOIs). Notable corrections:

  • QS08 mis-citation fixed: "Choudhury et al." → the real paper, Li et al., "Crosstalk-induced Side Channel Threats in Multi-Tenant NISQ Computers" (NDSS 2025).
  • Two distinct Xu et al. CCS 2023 papers separated: reset/state-leakage (QS08) and power side-channel (QS10).
  • Academic titles/DOIs corrected for Ash-Saki, Suresh, Chu (QTrojan), Mi; noted that Suresh/Mi are countermeasure papers rather than pure attacks.

Reviewer notes (open items)

  • Example Attack Scenarios are synthesized from the source's risk descriptions (QS08–QS10 anchor to the cited papers). Please sanity-check wording.
  • Standards and Regulatory Mapping sections are TODO-flagged — decide whether to keep them in the final entry format.
  • The source doc OWASP_Top10_Quantum_Security_v0.2.md carries the same "Choudhury et al." error and the same attack/defense framing for Suresh/Mi; those were corrected here but not yet in the source doc.

John Sotiropoulos added 2 commits July 13, 2026 16:30
- Replace best-effort URLs with verified canonical sources (NIST, NCSC,
  EU roadmap/EUR-Lex, NSA, CISA, IETF, academic DOIs)
- Correct QS08 mis-citation: 'Choudhury et al.' -> Li et al., NDSS 2025
- Split the two distinct Xu et al. CCS 2023 papers (QS08 reset, QS10 power)
- Correct academic titles; note Suresh/Mi are countermeasure papers
- Promote Standards & Regulatory Mapping to a visible TODO-flagged section
@Vishnu2707

Copy link
Copy Markdown

Hi @jsotiro, On the two open items you flagged, I can take a pass on the Example Attack Scenarios for any implementation-layer entries and swap in a real disclosed vuln instead of a synthesized one. I hold CVE-2026-46344 (liboqs heap overflow) plus fixes in liboqs, oqs-provider and circl, so I've got real cases to draw from. Also happy to scope the Standards/Regulatory Mapping section if that's still undecided. Which entries need it most?

@jsotiro

jsotiro commented Jul 14, 2026

Copy link
Copy Markdown
Collaborator Author

Thank you @Vishnu2707 We are still prepping and this is staging. will coordinate via the slack channel project-quantum-secuirty. join and look for the announcements this week

@jsotiro jsotiro merged commit b12bbe8 into main Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants