OWASP / www-project-top-10-for-large-language-model-applications

OWASP Foundation Web Repository

Change from Vulnerabilities to Risks #188

Open Bobsimonoff opened 9 months ago

Bobsimonoff commented 9 months ago

With the realization that the top 10 focuses on the risks that vulnerabilities, I recommend changing our template and the content of the Top 10 to match.

The TL;DR

Go to the OWASP Top 10 page and the first 2 sentences read:

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

My detailed reasoning is in this document: risks-vs-vulnerabilities.md

rossja commented 9 months ago

I agree that this makes sense, but think we need to reach consensus. In the meantime though, I've updated the style guide and the template for entries to swap out this wording in favor of risk, so folks can see what that looks like. (I did NOT update the entries for 1.1 to match, but feel we probably can do that for the next sprint if folks agree to this change).