Seems to be a comprehensible list.
> [5] 76.9 CWE-306 Missing Authentication for Critical Function
> [6] 76.8 CWE-862 Missing Authorization
Take a look at the sprawling REST articles and postings on the internet. How many of them even address authorization and authentication?
