The Top 10
Methodology
How were the OT Top 10 created?
- meetings every two weeks to gather the top 10 list
- quantitative discussion to form the top 10
How did we make sure that we covered reality?
- check existing OT incident reports and see if the proposed top 10 fit
Structure of each Top 10 Item (also see template)
Each entry in the OWASP OT Top 10 will be accompanied by a short description, public incidents exploiting that entry, recommended mitigation and countermeasures, as well as references and tooling to assist in addressing the identified risks.
Field | Description |
---|---|
Name | Name/Title of the Item |
Description | Short description of the item |
Known OT Attacks utilizing this Item | https://www.icsadvisoryproject.com, https://icsstrive.com/ |
Mitigation/Countermeasures | There will be multiple levels: 1) design and implementation level mitigations for developers/builders; 2) operational mitigations for integrators, e.g., air-gapping systems |
References | Relevant standards |
Tooling | Links to Tools that can be used to test for the vulnerability |