As of the Top Ten 2017 and 2021, we conducted an industry survey to determine two of the ten categories for the OWASP Top Ten.
We are doing this again for the 2024 Top Ten as we found it to be a valuable way to allow individuals in the community identify important risks that may not be in the data from organizations.
We pull CWEs that have been "on the cusp" of making the Top Ten, featured in other lists, and from significant events.
We let you know how we determined the proposed list of CWEs for the survey and solicit feedback to determine if we are missing something important.
We publish the survey for industry professionals to complete and lend their voice to the Top Ten. Individuals rank their top four from the list.
When the survey is over, we take the results and compare with the data analysis and identify two risks that have received the most votes and aren't already present in the data.
© OWASP Top Ten Project