Josh Grossman

So @elarlang are you suggesting that this requirement is covered by other requirements and can therefore just be removed?

Ah, ok. @jmanico Whilst it is possible to build secure client-side Java applications, it is not possible to build secure client-side Java **applets** as the [applet technology is deprecated](https://docs.oracle.com/javase/10/docs/api/java/applet/package-summary.html). The...

@set-reminder 2 weeks @tghosth to open a PR if no further discussion or disagreement

#1501 opened REMINDER NO LONGER RELEVANT

I can support a move to 8.x but we need to make this specific to the browser, e.g. contacts are not relevant as that should be an MASVS thing.

>.... I agree with the comment that 10.2.2 level 1 _Originally posted by @danielcuthbert in https://github.com/OWASP/ASVS/issues/1468#issuecomment-1366490553_

Opened #1666 to resolve

I understand why you are suggesting a V50 but this does seem like a classic, "don't collect too much data" requirement which is why it fits V8 so well. It...

My inclination is that we need to consider this within the wider data protection chapter so I will allocate to there for now

Go for the PR :)