
Crypto appendix, simplify introduction

Open randomstuff opened this issue 11 months ago • 7 comments

Current wording of the cryptographic appendix introduction:

V6 goes beyond simply defining best practices. It aims to enhance understanding of cryptography principles and encourage the adoption of more resilient, modern security methods. This appendix provides detailed technical information regarding each requirement, complementing the overarching standards outlined in V6

I would simplify and just say:

This appendix provides detailed technical information regarding each requirement, complementing the overarching standards outlined in V6.

randomstuff, Dec 09 '24 21:12

ping @danielcuthbert

randomstuff, Dec 09 '24 21:12

What does the shortened text bring? I'm just trying to understand what the issue was with the original text. Do we need to simplify it?

danielcuthbert, Dec 10 '24 10:12

I think I feel the first two sentences are somewhat weird in this context (probably subjective):

  • It starts with a statement about V6 ("V6 goes beyond simply defining best practices"). Maybe this should go into V6 and not in the appendix?
  • "It aims to enhance understanding of cryptography principles". Is this beyond the scope of ASVS in general?

randomstuff, Dec 10 '24 12:12

I think this appendix is slightly outside the standard ASVS scope but we are attempting to go above and beyond in any case.

How about:

"In this appendix, ASVS version 5.0 tries to go beyond simply defining best practices for Cryptography but rather also tries to enhance understanding of cryptography principles and encourage the adoption of more resilient, modern security methods. The appendix provides detailed technical information, complementing the overarching standards outlined in each requirement in the main ASVS chapter."

tghosth, Mar 31 '25 12:03

tries...

elarlang, Mar 31 '25 13:03

How about:

"In this appendix, ASVS version 5.0 goes beyond simply defining best practices for Cryptography but rather aims to enhance understanding of cryptography principles and encourage the adoption of more resilient, modern security methods. The appendix provides detailed technical information, complementing the overarching standards outlined in each requirement in the main ASVS chapter."

tghosth, Mar 31 '25 14:03

I like that and have added it to my branch

danielcuthbert, Apr 01 '25 18:04