The Top 10 has a new look and feel, with some changes to the categories.

A05:2021-Security Misconfiguration moves up from #8 to #5 in terms of severity. The average incidence rate is 3.37% with an occurrence count of 274k CWEs mapped into this category. This category also includes configuration management issues such as missing patches or misapplied patches; these are not security issues per se but they can lead to severe consequences if exploited by attackers (e.g., Heartbleed)

Back to Main