Sjoerd Langkemper

On some systems it is possible to configure different layouts for different keyboards. That way, you can configure your Etherkey device as US keyboard, while keeping your normal keyboard to...

Good suggestion. Rendering pitch numbers at high zoom levels would be great. [Here is an example](https://www.openstreetmap.org/way/666071699) of a scout camp site that already has numbers on its pitches, but it...

[Here is an example](https://www.openstreetmap.org/way/507965131#map=18/49.87005/6.26952&layers=N) of a camping that has all pitches mapped. They are about the same size of neighbouring buildings, so it makes sense to show pitch numbers when...

It seems this section is for applications that authenticate with OpenID connect and supply a JWT to the user, instead of a random session cookie. I am not sure how...

> ASVS was wanting me to ditch static API secrets m2m. There is more discussion about this in [2.10.1 Verify that intra-service secrets do not rely on unchanging credentials such...

> Note, that for sandbox (which is again just one option to solve the vector), there is already requirement "V50.5 Unintended Content Interpretation" Sandbox is also meant to protect against...

> Does the current wording reflect the original intent? No. I think the current requirement is fine, but it doesn't match the original intent, and it doesn't fit in the...

> this looks like expected behavior, though the docs don't make it super clear Yes, it could very well be that I try to use this incorrectly. Describing how to...

A [compression side channel attack](https://www.sjoerdlangkemper.nl/2016/08/23/compression-side-channel-attacks/) is possible when some content contains both a secret and some user input and is then compressed. The assumption is that the attacker can observe...

No, I don't think there is a large difference between 2 and 3 regarding security against compression side channel attacks. How did you get that idea?