The OWASP Top 10 has been updated. The PDF version is way at the bottom. Top lists of anything are tough because you have to draw lines and qualifications somewhere. I like that the authors mention some items they left out, such as input validation and buffer overflows, but I'm a little concerned that those should still have been included. I guess I am not yet satisfied with why they left them out.
Then again, I have yet to give this a deeper read, and maybe I am just distilling the information a little slowly. Overall, I love the OWASP stuff, and this Top 10 is excellent. Got linked to this from Jeremiah.
Wait for the Guide 3.0… The OWASP Top Ten 2007 just kicks off all the other OWASP project iterations.
The Top Ten is merely to gather interest and target areas where research and time can be spent. It's like a mindmap if you think like an engineer, or a landing site if you think like a marketer.
That makes perfect sense! Now I agree! 🙂