The Making of the OWASP Top Ten

As of 2017, the OWASP Top Ten process is one of the more open processes for an OWASP Project.

We work hard to explain what we are doing, how we are doing it, and why.

How It Works

1. Initial Planning/Data Call

The core team gets together and plans a rough schedule, and a data call is released.

2. Industry Survey

We determine the content of the survey and release it for industry participation.

3. Data Analysis

After the data is collected, it is normalized and analyzed.
4. Draft Top Ten

Once we determine the eight risks from the data and the two from the survey, we draft a new list. The Draft is publicly released for review. All issues raised and decisions made are recorded in GitHub issues.

5. Release

Once we have reached a consensus and the core team agrees, we release the new OWASP Top Ten.
