Top Ten Survey


As of the Top Ten 2017 and 2021, we conducted an industry survey to determine two of the ten categories for the OWASP Top Ten.

We are doing this again for the 2024 Top Ten as we found it to be a valuable way to allow individuals in the community identify important risks that may not be in the data from organizations.

Data from organizations, Survey from individuals

01

Initial Selection

We pull CWEs that have been "on the cusp" of making the Top Ten, featured in other lists, and from significant events.

02

Initial Vetting

We let you know how we determined the proposed list of CWEs for the survey and solicit feedback to determine if we are missing something important.

03

Publish the Survey

We publish the survey for industry professionals to complete and lend their voice to the Top Ten. Individuals rank their top four from the list.

04

Tabulate the Results

When the survey is over, we take the results and compare with the data analysis and identify two risks that have received the most votes and aren't already present in the data.


Share by: