Josh Grossman

Results 486 comments of Josh Grossman

@set-reminder 3 weeks @tghosth to look at this

I think this requirement should be dropped entirely as not being in line with the standard as a whole. There seems to be support for this based on #1460 and...

I think this got dropped in the end because it is a process rather than a security mechanism/control

OK, this item didn't get deleted; I must have been mistaken. I reiterate that this is a security process rather than a security requirement of an application and therefore I...

@danielcuthbert I think we need to remove this, threat modeling is an activity whereas ASVS should be practical requirements for an application

Handle alongside #997. 11.1.7 and 11.1.8 should be moved to V7 and clarified. 8.1.4 should stay where it is as it describes a specific data exfiltration scenario. @set-reminder 1 week...

11.1.7 is too much detail, so I have added it to the logging cheatsheet, although I think it still merits its own requirement in V7.2. Added in: https://github.com/OWASP/CheatSheetSeries/pull/1394 11.1.8 I think...

Seems like it needs a loop or something there...