Category: Software, Security

For almost 20 years, the Open Web Application Security Project (OWASP). In the most recent update of its Top 10 list of the most critical web application security risks, the organization boasts a new graphic design and a one-page infographic, but the contents, the actual security risks, are all too familiar.

That means that programs that claim to provide complete coverage of the OWASP Top 10 security vulnerabilities are, shall we say, shading the truth.

But if you use software supply chain security standards, such as the ISO Software Package Data Exchange (SPDX), to track your programs, you’ll go a long way toward avoiding OWASP problems 6 and 8.
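
One way to put that tracking into practice, as an added example that is not from the original article: a check over an SPDX 2.3 JSON document that flags components recorded without a version or a SHA-256 checksum, and artifacts whose bytes no longer match the recorded checksum. It assumes problems 6 and 8 refer to outdated components and integrity failures; the package names, artifact bytes and finding labels are constructed for illustration.

```python
import hashlib
import json

# Constructed artifact bytes standing in for downloaded package files.
ARTIFACTS = {
    "libexample": b"libexample 1.4.2 release tarball",
    "tinyparser": b"tinyparser tarball, modified after the SBOM was written",
    "legacyutil": b"legacyutil tarball",
}

# Constructed SPDX 2.3 JSON document (package names and contents are made up).
SBOM_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "constructed-example",
    "packages": [
        {"name": "libexample", "SPDXID": "SPDXRef-libexample", "versionInfo": "1.4.2",
         "checksums": [{"algorithm": "SHA256",
                        "checksumValue": hashlib.sha256(ARTIFACTS["libexample"]).hexdigest()}]},
        {"name": "tinyparser", "SPDXID": "SPDXRef-tinyparser", "versionInfo": "0.9.0",
         "checksums": [{"algorithm": "SHA256",
                        "checksumValue": hashlib.sha256(b"tinyparser tarball").hexdigest()}]},
        {"name": "legacyutil", "SPDXID": "SPDXRef-legacyutil",
         "checksums": [{"algorithm": "SHA1",
                        "checksumValue": hashlib.sha1(ARTIFACTS["legacyutil"]).hexdigest()}]},
    ],
})


def audit_sbom(sbom_json, artifacts):
    """Return sorted (package, finding) pairs for an SPDX JSON document."""
    findings = []
    for pkg in json.loads(sbom_json).get("packages", []):
        name = pkg.get("name", pkg.get("SPDXID", "<unnamed>"))
        # Without a version the component cannot be matched against advisories.
        if not pkg.get("versionInfo"):
            findings.append((name, "no-version"))
        sha256 = [c["checksumValue"] for c in pkg.get("checksums", [])
                  if c.get("algorithm") == "SHA256"]
        if not sha256:
            findings.append((name, "no-sha256"))
        elif name not in artifacts:
            findings.append((name, "artifact-missing"))
        elif hashlib.sha256(artifacts[name]).hexdigest() not in (v.lower() for v in sha256):
            findings.append((name, "checksum-mismatch"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_sbom(SBOM_JSON, ARTIFACTS):
        print(f"{name}: {finding}")
```
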

The solution is not inadequate security programs; it’s educating developers on how to bake fundamental security into their programs.
