ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

The OWASP Top 10 is specifically published as a short, community-vetted awareness document that ranks the ten most critical web application security risks. It is intended to help developers, testers, and project managers quickly understand and prioritize the most common and serious issues in modern web apps.

• The MITRE ATT&CK Enterprise matrix catalogs adversary tactics and techniques for security operations, not developer-focused coding weaknesses.
• NIST SP 800-53 is a comprehensive control framework for federal information systems and is far broader than a top-risk awareness list.
• The CVSS specification explains how to score individual vulnerabilities; it does not provide a prioritized list of common web application flaws. Therefore, the OWASP Top 10 is the correct choice.