Christian Heinrich

@jmanico wrote > Hey @cmlh thanks for posting the text. Do you agree this needs a little cleanup? Any suggestions? I'd recommend [4.1.4](https://github.com/OWASP/ASVS/blob/master/4.0/en/0x12-V4-Access-Control.md#v41-general-access-control-design) be applicable to Level 3 (as defined...

> Are you ok with a delete here too @cmlh ? Is 4.1.3 enough? I am willing to commit to deletion 4.1.4 @jmanico provided we have addressed CWE-285 and CWE-276...

FullContact API v2 is deprecated.

@elarlang wrote: > First - for me personally the requirement is not that clearly in the scope - if we don't have the security.txt file, we don't have any extra...

@elarlang wrote: > Can you also point out, what exactly is written there "what would put us at odds"? The [OWASP Vulnerability Disclosure Cheat Sheet states _"A security.txt file on...

Can we leverage http://help.leanpub.com/en/articles/4868811-getting-started-using-leanpub-s-git-and-github-writing-mode-to-write-a-book-tl-dr-version who OWASP have used to publish hard copies in the past? Also https://www.gitbook.com/ may be an alternative if GitHub Pages or LeanPub is unsuitable?

@tghosth wrote: > @cmlh are #1360, #1361 and #1365 the only things that are missing from ASVS compared to MSVP? If so, can we close this original issue? Nope, I...

Nope, I haven't completed this yet due to lack of availability.

Below how I will track the inclusion of MSVP into ASVS as [GitHub's Project](https://github.com/OWASP/ASVS/projects) isn't enabled. - [X] 👍 [1.1 Vulnerability reports - Publish the point of contact for security...

https://security.googleblog.com/2023/11/two-years-later-baseline-that-drives-up.html https://mvsp.dev/mvsp.en/v2.0-20221012/