Hi Dave,
Excellent work, Congrats!
Just one little query - Don't you think that Information Leakage & Improper
Error Handling still deserves to be in Top 10?

Dave replied:
This topic is clearly a very prevalent issue that deserves attention by
most organizations. However, the typical impact of such a flaw is usually very low. Therefore, the overall risk of this type of flaw is lower than the other items in the top 10, which is why it was replaced in this update with one of the 2 new items.
Regarding dropping Info Leak/Error handling - It is incredibly
prevalent, no question. But their impact is typically very low, so the
overall risk is low, which is why it fell out of this new risk-focused
top 10. It doesn't mean this isn't important, but the other items in our
opinion introduce more risk.
We'd rather have people spend more time fixing the actual flaws than
focusing on fixing info leak/error handling that help them find actual