Elar Lang
I need some word-smithing and validating help here, but I try to move this forward. For a starter: _Verify that defined sensitive data is not sent to untrusted parties (e.g....
My too general proposal was to just "get things moving / accelerate the discussion" and get some more feedback, you proved that it worked :) **Question 1** _how sensitive data...
I still have a question - why does this mapping need to be in the ASVS repository? We can use it for output generation as well (but I think it makes sense to...
> 10. Do you have any objection to me updating the links so that they link to the [correct section](https://github.com/OWASP/ASVS/blob/master/4.0/en/0x12-V4-Access-Control.md#v41-general-access-control-design) and not just the [correct chapter](https://github.com/OWASP/ASVS/blob/master/4.0/en/0x12-V4-Access-Control.md)? If you have no...
my comment in issue: https://github.com/OWASP/ASVS/issues/1141#issuecomment-1208034579
I'm not a fan of making requirement IDs longer just because it theoretically solves someone's sorting problem. Proposal to leave it as it is right now.
> They do not need to replace what you have. But appended to the end of the row will provide important manageability. ASVS data itself should be as clean as...
> Output format: **Most of the industry uses Excel spreadsheets**, converting from csv, txt, or anything they can get. Is it an opinion or a fact?
It's a bit of a style question as well. Another example - should we have a separate logging requirement for authentication, authorization, input validation, business logic, anti-automation etc, or we list them to...
another one from my todo list :) My current improvement idea on that field: 7.1 should be clearly "what must every log line contain and what it should not contain",...