A05:2021-Security Misconfiguration moves up to the fifth position, previously known as A5:2017-Sensitive Data Exposure. The new name focuses on misconfigurations of security controls rather than just sensitive data exposure. This category often leads to sensitive data exposure or system compromise.
A06:2021-Vulnerable and Outdated Components shifts down one position from #4 in 2017 to #6 for 2021 with a max incidence rate of 18%, an average incidence rate of 3.04% and the 33 CWEs mapped into this category have the third most occurrences in applications with 264k occurrences; more than any other category except Broken Access Control (CWE 318)
https://t.co/KbQriXpcDF