The OWASP Top 10 Privacy Risks Project aims to develop a top 10 list for privacy risks in web applications because currently there is no such catalog available. I spoke with co-leads Florian Stahl and Stefan Burgmair about how the project was started, the selection process for the top 10 risks and their future plans. About Florian Stahl Florian Stahl is a German security and privacy consultant and evangelist. He achieved his master’s with honors in information systems science at the University of Regensburg in Germany and his master's in computer science at Växjö Universitet in Sweden. Florian started his professional career at the Swedish security software vendor Cryptzone in Gothenburg in 2006. He came back to Germany in 2009 and worked as consultant for Ernst & Young in Munich before moving on to msg systems where he currently holds the position as Lead Consultant. Florian has CISSP and CIPP/IT certifications and speaks fluent German, English and Swedish. His aim is to follow a holistic approach by combining technical, organisational and social measures to protect information. He is regular speaker at conferences and writes articles for magazines and on his blog securitybydesign.de. He leads the OWASP_Top_10_Privacy_Risks_Project. About Stefan Burgmair Stefan Burgmair is a German student at the Munich University of Applied Sciences. After he gained his B. Sc. title in Information Systems and Management he now writes his master thesis on the "Top 10 Privacy Risks for Web Applications" at the msg systems. Together with his advisor Florian Stahl, he is managing the OWASP Top 10 Privacy Risks Project.