I'd previously mentioned the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors; ComputerWeekly said New York State was updating its procurement terms (application security procurement language) to address them, with other states to follow. The latest version is now dated 5 April 2010.
It's useful for those buying software as well as developers, in terms of security requirements to specify in the contract.
I've mentioned it again as a reminder, because Heise Security report that the Open Web Application Security Project (OWASP) on 19 April 2010 released their Top 10 Web Security Risks for 2010 - another useful list.
Not surprisingly, there's a big overlap between the two lists.
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.