At AppSecDC in 2009, the OWASP Broken Web Applications (OWASP BWA) Project was announced and the first version of the project virtual machine was released. The virtual machine provides a standard set of web applications with various types of security vulnerabilities and is well suited for use as a learning environment and as a standard target for testing tools and techniques. This talk will provide an update on the current state of the project and describe the vision for the project’s future.