
Software supply chain risks join the OWASP top 10 list, access control still on top
Software supply chain failures and mishandling of exceptional conditions are among the additions to the updated OWASP Top 10, a list of top web application vulnerabilities. Most of the list has remained unchanged since 2021. In fact, the top item, broken access control, has been on the Open Worldwide Application Security Project’s list since it was first released in 2003.

“Everyone tries to craft their own authentication and access control mechanisms,” says Jeff Williams, CTO and cofounder at Contrast Security. Williams created the list and served as the chair of the OWASP board for eight years. There are standard mechanisms out there, but most applications have specialized needs, he says....