WebApp Sec mailing list archives

RE: OWASP Top Ten - The certification and blame problem


From: "Steven M. Christey" <coley () mitre org>
Date: Thu, 14 Jul 2005 00:24:28 -0400 (EDT)


I think the continued notion of a "Top Ten" is a great one, especially
with respect to visibility and with at least identifying the most
frequent and glaring errors.  Maybe it could be called the "Bare
Minimum Ten" or something like that.  That's what the current Top Ten
is really talking about, right?  The low-hanging fruit?

By its name, a "Minimum Ten" implies that if that's all you're
covering, it's not enough.

- Steve

