OWASP Updates Top Ten Highlighting Supply-Chain Risks

OWASP released its Top Ten 2025 Release Candidate in early 2025, updating its list of web-application risks and elevating supply-chain and software integrity failures. The RC emphasizes CI/CD integrity checks and observability, notes the continued prevalence of broken access control and API risks, and points out that AI-specific risks are addressed in a separate OWASP AI Top Ten. Practitioners must harden pipelines, enforce authorization, and secure dependencies.
Key Points
- Highlights the newly added supply-chain and software integrity failures category, elevating CI/CD and artifact verification to core issues.
- Shows that attackers have shifted to poisoned packages, ransomware-as-a-service, and AI-augmented social engineering, increasing the scale of attacks.
- Urges developers to build observability and integrity into pipelines, enforce authorization, and secure dependencies.
Scoring Rationale
Reflects official OWASP RC elevating supply-chain and integrity, but represents an update rather than paradigm-shifting innovation.
