The OWASP Top 10 has been updated. The PDF version is way at the bottom. Top lists of anything are tough because you have to draw lines and qualifications somewhere. I like that the authors mention some items they left out, such as input validation and buffer overflows, but I’m a little concerned that those should still have been included. I guess I am not yet satisfied with why they left them out.
Then again, I have yet to give this a deeper read, and maybe I am just distilling the information a little slowly. Overall, love the OWASP stuff and this top 10 is excellent. Got linked to this from Jeremiah.