This document discusses how various web application vulnerabilities have fallen off the OWASP Top 10 list over time due to concerted efforts to make development more secure by default. It provides examples of how buffer overflows, SQL injection, cross-site request forgery (XSRF), and cross-site scripting (XSS) have been addressed through improved frameworks, tooling, coding practices, and mitigations like input validation, parameterized queries, output encoding, and content security policies. The document advocates applying these lessons to other vulnerability classes to progressively make web development inherently less prone to security bugs.