Why does the OWASP top 10 never change?

Or very rarely? Subtext, how should we work to create more secure applications? The OWASP top to remains largely unchanged over long periods of time.  We still see high profile breaches like Talk Talk caused by easy to protect against application attacks.  These fact imply many organisations are still failing to do ‘application security’ properly. … Continue reading Why does the OWASP top 10 never change?