Kevin W. Wall

Results 215 comments of Kevin W. Wall

_Configuration_ file vs _source_ file can get a bit fuzzy at times when it concerns the whole "infrastructure as code" paradigm, but as long as the gold badge standard doesn't...

Since no one has yet seemed to comment on this, I'll step out and share my ignorance first. Or rather my forgetfulness. (It's been a really long time since I...

Sure would be nice if it showed all the f'ing lint errors at once. Sigh. If it didn't require npm to run, I'd run it locally first.

@jmanico - Yeah, agree. That doesn't make any sense apart from the original ESAPI wiki page title, which was "XSS Defense: No Silver Bullets" and was an homage to Frederick...

FWIW, here's my $.02. I agree with @tghosth here. I really don't think these deserialization-related requirements should be moved any more than any of the other ASVS requirements in Chapter 5...

Just now saw this email assigning me to the ticket. I don't recall seeing a separate assignment email from GitHub though. (Or I saw it and forgot it.) Shouldn't that have...

I have some objections. I will provide details this evening (US/Eastern timezone).

**TL;DR Warning**: The **BLUF** for this is - 1. I think there needs to be a _really_ high bar for making changes like these to ASVS 5.0. Minor improvements need...

And just for the official record, for this particular issue, I vote that we **_close_** it with a "Won't fix" label (if you have such for ASVS issues). And if...

@jmanico wrote: > I think the levels should be RISK-BASED and absolutely not TESTABILITY BASED I absolutely agree, but at the same time, let's be transparent about testability. After all,...