From 4d78d1524629d48b82a5af08db9dab2aaa8988bf Mon Sep 17 00:00:00 2001 From: Haoyu Yang Date: Fri, 24 Apr 2026 13:28:27 +0200 Subject: [PATCH 1/6] fix table format --- ...025-What_are_Application_Security_Risks.md | 45 +++++-------------- 1 file changed, 10 insertions(+), 35 deletions(-) diff --git a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md index e38da3d57..c173bcff9 100644 --- a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md +++ b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md @@ -5,50 +5,25 @@ Attackers can potentially use many different paths through your application to d - - - - - - + + + + + +
- Threat Agents - - Attack \ -Vectors - - Exploitability - - Likelihood of Missing Security -

- - Controls -

- Technical -

- - Impacts -

- Business -

- - Impacts -

Threat AgentsAttack VectorsExploitabilityLikelihood of Missing Security ControlsTechnical ImpactsBusiness Impacts
- By environment, \ -dynamic by situation picture + By environment, dynamic by situation picture - By Application exposure (by environment) + By Application exposure (by environment) - Avg Weighted Exploit + Avg Weighted Exploitability - Missing Controls \ -by average Incidence rate \ -Weighed by coverage + Missing Controls by average Incidence rate Weighted by coverage Avg Weighted Impact From 30689547b7fcf975a2321b217dafc92fe9961980 Mon Sep 17 00:00:00 2001 From: Haoyu Yang Date: Fri, 24 Apr 2026 13:35:24 +0200 Subject: [PATCH 2/6] fix case in cell (use sentence case) --- .../0x02_2025-What_are_Application_Security_Risks.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md index c173bcff9..b918321b2 100644 --- a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md +++ b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md @@ -17,19 +17,19 @@ Attackers can potentially use many different paths through your application to d By environment, dynamic by situation picture - By Application exposure (by environment) + By application exposure (by environment) - Avg Weighted Exploitability + Avg weighted exploitability - Missing Controls by average Incidence rate Weighted by coverage + Missing controls by average incidence rate weighted by coverage - Avg Weighted Impact + Avg weighted impact - By Business + By business
From fdbafd77a1aeb391dabb53ba4e2a7b916800d422 Mon Sep 17 00:00:00 2001 From: Haoyu Yang Date: Fri, 24 Apr 2026 13:39:58 +0200 Subject: [PATCH 3/6] avoid abbreviations --- 2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md index b918321b2..d74089bd2 100644 --- a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md +++ b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md @@ -20,13 +20,13 @@ Attackers can potentially use many different paths through your application to d By application exposure (by environment) - Avg weighted exploitability + Average weighted exploitability Missing controls by average incidence rate weighted by coverage - Avg weighted impact + Average weighted impact By business From 77f4f9d7e59c0e711857d000b6b5d782b9765f4d Mon Sep 17 00:00:00 2001 From: Haoyu Yang Date: Fri, 24 Apr 2026 13:44:37 +0200 Subject: [PATCH 4/6] not bold data cell --- ...025-What_are_Application_Security_Risks.md | 24 +++++-------------- 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md index d74089bd2..0e7b48e36 100644 --- a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md +++ b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md @@ -13,24 +13,12 @@ Attackers can potentially use many different paths through your application to d Business Impacts - - By environment, dynamic by situation picture - - - By application exposure (by environment) - - - Average weighted exploitability - - - Missing controls by average incidence rate weighted by coverage - - - Average weighted impact - - - By business - + By environment, dynamic by situation picture + By application exposure (by environment) + Average weighted exploitability + Missing controls by average incidence rate weighted by coverage + Average weighted impact + By business From 0a71a51cfed2cbb493bdba039689a42800ba9fc7 Mon Sep 17 00:00:00 2001 From: Haoyu Yang Date: Fri, 24 Apr 2026 13:47:58 +0200 Subject: [PATCH 5/6] use markdown table --- ...025-What_are_Application_Security_Risks.md | 22 +++---------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md index 0e7b48e36..c97bdebf2 100644 --- a/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md +++ b/2025/docs/en/0x02_2025-What_are_Application_Security_Risks.md @@ -3,25 +3,9 @@ Attackers can potentially use many different paths through your application to d ![Calculation diagram](../assets/2025-algorithm-diagram.png) - - - - - - - - - - - - - - - - - -
Threat AgentsAttack VectorsExploitabilityLikelihood of Missing Security ControlsTechnical ImpactsBusiness Impacts
By environment, dynamic by situation pictureBy application exposure (by environment)Average weighted exploitabilityMissing controls by average incidence rate weighted by coverageAverage weighted impactBy business
- +| Threat Agents | Attack Vectors | Exploitability | Likelihood of Missing Security Controls | Technical Impacts | Business Impacts | +| --- | --- | --- | --- | --- | --- | +| Varies by environment and context | Based on application exposure | Average weighted exploitability | Weighted by incidence rate and control coverage | Average weighted impact | Based on business impact | In our Risk Rating we have taken into account the universal parameters of exploitability, average likelihood of missing security controls for a weakness and its technical impacts. From f560a42846f08ebcf14da416344b849b8466ebc7 Mon Sep 17 00:00:00 2001 From: Haoyu Yang Date: Tue, 5 May 2026 10:23:32 +0200 Subject: [PATCH 6/6] tiny grammar fix --- ...3_2025-Establishing_a_Modern_Application_Security_Program.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md b/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md index 11f75e0e6..c7d3a5758 100644 --- a/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md +++ b/2025/docs/en/0x03_2025-Establishing_a_Modern_Application_Security_Program.md @@ -42,7 +42,7 @@ If you are starting a program from scratch, or you find OWASP SAMM or DSOMM ‘t * Review your current system development life cycle and all software security activities, tooling, policies, and processes, then document them. -* For new software, add one or more security activities to each phase of the system development life cycle (SDLC). Below we offer many suggestions of what you can do below. Ensure you perform these new activities on every new project or software initiative, this way you will know each new piece of software will be delivered at an acceptable security posture for your organizations. +* For new software, add one or more security activities to each phase of the system development life cycle (SDLC). Below we offer many suggestions of what you can do. Ensure you perform these new activities on every new project or software initiative, this way you will know each new piece of software will be delivered at an acceptable security posture for your organizations. * Select your activities to ensure your final product meets an acceptable level of risk for your organization.