Josh Grossman

So I don't actually hate this... As at the bleeding edge, it is currently: [1.2.3](https://github.com/OWASP/ASVS/blob/master/5.0/en/0x10-V1-Architecture.md#v12-authentication-architecture) > Verify that the application uses a single vetted authentication mechanism that is known to...

I disagree that 14.2.1 is relevant here. I agree that 14.2.2 sort of covers this but I do feel like it might be worth mentioning specifically and also my new...

Anyone fancy creating a PR for this :)

So drift prevention is important for things like infrastructure as code where you are expecting the environment config to stay as what you originally created it as. My main question...

The current 2.2.9 mandates MFA, 2.2.4 mandates a hardware based authenticator. Do you think that covers it?

I am going to close this because I have a wider question on 2.2.4 in #1340 which I will incorporate this into.

To me, the main value of mapping is to make it easier to move from requirement to testing guide to detailed guidance on how to fix in a particular case.

We have discussed this internally within the project leadership team. Whilst we appreciate mappings, we want to focus on the core content of the standard. Our current plan for 5.0...

Hi @northdpole For DevSecOps Maturity Model, you will need to speak to @wurstbrot. For 4.0, I think we already discussed. For 5.0 let's discuss nearer the release at the end...

hey @northdpole, Thanks for the PR. A few questions: 1) Does it make sense to include the mapping in the en folder or can it go in the folder above...