OWASP Top 10 2025—from code to supply chain: Expanding boundaries of security

The OWASP Top 10 2025 list expands security boundaries from code to the entire supply chain, introducing new categories like Software Supply Chain Failures and Mishandling of Exceptional Conditions. This updated list reflects the evolving threat landscape and emphasizes that security is a discipline integrated throughout the software development lifecycle, not just a feature.