We have the following two tags:
- owasp, 142 questions
- owasp-top-ten, 57 questions
Questions tagged with one or both of these falls in a number of categories:
- They are about OWASP products, e.g. Zap.
- They are about the practices of the OWASP organization itself, e.g. criteria for the top ten list.
- They are about an issue included on the top ten list, such as XSS.
- The OP came across some OWASP resource while doing research for the question.
To me, #1 and #2 looks like legit reasons to tag but #3 and #4 do not. If they were, every single webapp question could be tagged with owasp-top-ten.
So I'd suggest we do something about this tag misuse. Removing the tags where they do not belong would be a start. Perhaps they should also be merged into one? Or what do you think?