What is the relationship between the 2009 CWE Top 25 and the 2010 CWE Top 25?
The 2010 Top 25 makes substantial improvements to the 2009 list, but the spirit and goals remain the same. This year’s Top 25 prioritizes its entries using inputs from over 20 different organizations, which evaluated each weakness based on prevalence and importance. The new version introduces focused profiles that allow developers and other users to select the parts of the Top 25 that are most relevant to their concerns. The new list also provides a small set of the most effective mitigations, helping developers to reduce or eliminate entire groups of the Top 25 weaknesses, as well as many of the other 800 weaknesses that are documented in the Common Weakness Enumeration (CWE). Finally, many high-level weaknesses from the 2009 list were replaced with lower-level variants that are more actionable.