top of page



OWASP Top 10 List Updated For First Time Since 2013

Taproot Security and many others contributed to influential industry guide


Saint Paul, MN, November 20, 2017 – Today the Open Web Application Security Project (OWASP) announced publication of a long anticipated update to its Top Ten Most Critical Web Application Security Risks.


The OWASP Top Ten is perhaps the most influential industry guide to software application risks and best practices, leveraged in many US and international standards, and used by thousands of companies and government agencies. This was its first update since 2013, incorporating risk data from many organizations, and input from many experts and practitioners.

Taproot Security participated in the Top Ten List's development through informal discussions, as well as formal comments on two risks that were proposed as additions. Taproot's comment on risk A7 was one of many challenging its inclusion. Taproot's comment on risk A10 was supportive. A7 was subsequently withdrawn, and A10 was refactored into other risks.

Taproot Security applauds the transparent process adopted by project leaders, and proudly endorses the 2017 Top Ten List.


​About Taproot Security


Taproot Security is an information security consulting firm advising industry and government on cyber issues and policy. For more information, please visit




To learn more about this announcement, please contact

Michael McCormick

Founder & President

Taproot Security, LLC


- END -

bottom of page