Is the OWASP Top 10 list comprehensive enough for writing secure code? (2002.11269v1)

Abstract: The OWASP Top 10 is a list that is published by the Open Web Application Security Project (OWASP). The general purpose is to serve as a watchlist for bugs to avoid while writing code. This paper compares how many of those weakness as described in the top ten list are actually reported in vulnerabilities listed in the National Vulnerability Database (NVD). That way it makes it possible to empirically show whether the OWASP Top 10 list is comprehensive enough or not, for code weaknesses that have been found in the past decade.