Blog
Stack Overflow Business
Stack Internal: the knowledge intelligence layer that powers enterprise AI.
Stack Data Licensing: decades of verified, technical knowledge to boost AI performance and trust.
Stack Ads: engage developers where it matters — in their daily workflow.

Making the OWASP top ten in the vibe code era

Ryan welcomes back Tanya Janca, now part of the OWASP Top 10 team, to discuss what changed in the latest OWASP Top 10 release, how the list shifted from “outdated components” to a broader software supply chain focus, and why they added memory safety and vibe-coding as awareness items.

Article hero image

The OWASP Top 10 for 2025 is the latest standard awareness document for developers and web application security that represents a broad consensus about the most critical security risks to web applications.

Learn more about Tanya’s work at her website and her new podcast DevSec Station. You can learn how to prompt your AI for secure code with her prompt library.

Read Tanya’s articles on our blog.

Congrats to Populist badge winner Rob Kielty for winning the badge on their answer to How can I tell IntelliJ's "Find in Files" to ignore generated files?.

Add to the discussion

Login with your stackoverflow.com account to take part in the discussion.