The OWASP Top 10 is considered one of the most important community contributions to come out OWASP. In 2003, just two years after the organization was started, the OWASP Top 10 was created. The purpose of the project was to create an awareness document, highlighting the top ten exploits security professionals should be aware of. Since that time, innumerable organizations have used it as a guideline or framework for creating security programs. The current Top 10 list was released four years ago, in 2017.
As part of a 2021 initiative at OWASP, the OWASP Top 10 is in the process of being updated, and scheduled for release this summer, in time for the OWASP 20th Anniversary Celebration. I was curious as to what has changed over the years with the Top 10, and what to anticipate in the upcoming release. In this broadcast, I talk with Andrew van Der Stock, Executive Director of OWASP. He explains how the top ten exploits are chosen, the data source for determining the exploits, and the data research done to verify the selections chosen.
Our conversation starts with why the OWASP Top 10 is being spotlighted after being static for the past four years.
About this Podcast
- Today's broadcast is supported by the OWASP 20th Anniversary Celebration, coming September 2021. The CFP is now open for this online, 24 hour conference. Go to OWASP.org for more information.
- This broadcast is also supported by JupiterOne, providing cyber asset discovery and visibility into your entire cloud native infrastructure. Know more, fear less, with JupiterOne.
- CFP for OWASP 20th Anniversary Celebration: owasp.org/2021/03/08/cfp-20th-anniversary.html
- The OWASP Top 10: https://owasp.org/www-project-top-ten/