ASVS
Support "1.7 Incident handling" from MVSP
"1.7 Incident handling" of MVSP is reproduced below (space characters are not supported by Markdown):
1.7 Incident handling
* Notify your customers about a breach without undue delay, no later than 72 hours upon discovery
* Include the following information in the notification:
  1. Relevant point of contact
  2. Preliminary technical analysis of the breach
  3. Remediation plan with reasonable timelines
Should we add support for "1.7 Incident handling" of MVSP by expanding 0x15 V7 Error Logging v7.3 Log Protection or creating new ASVS Requirement[s]?
The parent of this issue is #1151.
The ASVS goal is to verify that you are able to detect incidents and that you have enough security-related information to investigate an incident. The incident handling process or procedure itself is out of ASVS scope.
I am going to reopen this as it has come up in a different context as well.
@set-reminder 4 weeks @tghosth to look at this
⏰ Reminder Wednesday, January 4, 2023 12:00 AM (GMT+01:00)
@tghosth to look at this
I'm going to close again for now, we seem to be focusing ASVS pretty specifically on building an application securely whereas this is more of a process/activity related to operating an application...