OWASP

A nonprofit that produces freely available security standards, tools, and educational resources. Best known for the OWASP Top 10 (a regularly updated list of the most critical web application security risks), OWASP also maintains the CycloneDX SBOM standard, the Application Security Verification Standard (ASVS), and testing guides. Referencing OWASP standards in security requirements is common in enterprise procurement.