Open Bobsimonoff opened 9 months ago
I agree that this makes sense, but think we need to reach consensus. In the meantime, though, I've updated the style guide and the template for entries to swap out this wording in favor of risk, so folks can see what that looks like. (I did NOT update the entries for 1.1 to match, but feel we probably can do that for the next sprint if folks agree to this change.)
With the realization that the top 10 focuses on the risks that vulnerabilities, I recommend changing our template and the content of the Top 10 to match.
The TL;DR
Go to the OWASP Top 10 page and the first 2 sentences read:
My detailed reasoning is in this document: risks-vs-vulnerabilities.md