Sponsored By

IAM: The Reason Why OWASP Top 10 Doesn't Change

OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney?

Gunnar Peterson

November 30, 2012

1 Min Read

OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney?

Some years ago, Chris Hoff asked why the OWASP Top 10 doesn't change. Yes, Appsec feels like Groundhog Day, but it's not because the people at OWASP are sitting on their hands. The OWASP Top 10 catalogs the top Web vulnerabilities that all applications face, and it's reviewed and updated on a regular basis. But Hoff is right: It mostly does not change.

To refresh your memory, here is the OWASP Top 10 for 2010:

About the Author(s)

Gunnar Peterson

CISO, Forter

Gunnar Peterson currently serves as Forter's chief information security officer (CISO). Prior to Forter, he held leadership positions at Bank of America as chief security architect and Carnegie Mellon University's Software Engineering Institute as visiting scientist. Gunnar is also a leading contributor to the Open Web Application Security Project (OWASP), the Cloud Security Alliance and the Institute of Electrical and Electronics Engineers (IEEE).

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights