This week, OWASP released a working draft of its latest OWASP Top 10 vulnerabilities list. This is the first time that changes were made on this industry benchmark list in four years, even though many of the vulnerabilities remain the same. OWASP Top 10 is designed to help developers, designers, architects and business owners avoid risks associated with the most common vulnerabilities and provide standards for prioritizing vulnerability mitigation. The greatest change of 2017 Top 10 is the addition of application programing interfaces (APIs), and it could potentially help raise more awareness about API security. However, some would think that the Top 10 list is not evolving quickly enough to keep up with the pace of the changes in how software is delivered, and thus unable to cover the changing trends. On the other side, some think that there’s no need to update the list every year because the strong similarities mean that the trend does not change that quickly.
I would rather agree that the list should be updated every year because it would be better to stay ahead of hackers for no major reasons than operating under risk of ethical hackers not evolving enough. There should never be a good reason to be one step behind of cyber criminals.