This project was renamed to OWASP Top 10 Risks in 2010. It is now often referred to as "Top 10" alone.
I think the next release would be a great opportunity to rename it to something more significant.
Top 10 "Risks"
Risk is the likelihood of a security threat happening. Therefore an SQL injection is not a risk. The possibility of private information being stolen or the possibility of some content being modified by an attacker are examples of risks because they demonstrate a threat.
Does an XSS in a production system vs. a development system pose the same risk? It is the same vulnerability. It is the same software. The impact will likely be more important on the production environment.
Definitions:
It is also important to link up with other fields of cyber security, notably threat analysis and risk management.
Better alternatives
What do you guys think?