Josh Grossman

Results 486 comments of Josh Grossman

I think we need to keep this topic and see if we can find anyone else to provide some ideas; I don't think we can ignore it for 5.0.

@jmanico I think the opposite. V1 currently contains SSDLC processes like threat modelling which I think should not be there. They belong in SAMM. To me V1 should have the...

OK, so I think we need to think carefully about what, if anything, should be in V1 or whether we need to abolish it completely. I think maybe we need...

So our proposal is to keep V1 as some sort of basis but strip out all the process level requirements? @elarlang

Gosh, I can see this has been through a few iterations and I am inclined to agree with Jim that this looks a bit like a duplication. @elarlang do I...

Current wording [1.14.6](https://github.com/OWASP/ASVS/blob/master/5.0/en/0x10-V1-Architecture.md#v114-configuration-architecture) > Verify the application does not use unsupported, insecure, or deprecated client-side technologies such as NSAPI plugins, Flash, Shockwave, ActiveX, Silverlight, NACL, or client-side Java applets. How...
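One way to verify the requirement quoted above against a page is to scan its HTML for the markup that loads those plugin technologies. The following is an added example, not ASVS tooling or code from this thread; the MIME-type table and the sample document (including the placeholder classid) are constructed for illustration.

```python
"""Scan HTML for markup that loads deprecated client-side technologies
(Flash/Shockwave, ActiveX, Silverlight, NaCl, Java applets).
Added example for checking ASVS 1.14.6; not part of the ASVS project."""
from html.parser import HTMLParser

# Plugin MIME types to flag (assumed list; extend for your own estate).
DEPRECATED_MIME = {
    "application/x-shockwave-flash": "Flash",
    "application/x-director": "Shockwave",
    "application/x-silverlight": "Silverlight",
    "application/x-silverlight-2": "Silverlight",
    "application/x-nacl": "NaCl",
    "application/x-pnacl": "NaCl",
    "application/x-java-applet": "Java applet",
}

# File extensions that identify plugin payloads when no MIME type is given.
DEPRECATED_EXT = {".swf": "Flash", ".dcr": "Shockwave",
                  ".xap": "Silverlight", ".nmf": "NaCl"}


class LegacyPluginFinder(HTMLParser):
    """Collects (line, technology, evidence) tuples, one per line and technology."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._seen = set()

    def _add(self, tech, evidence):
        line = self.getpos()[0]
        if (line, tech) not in self._seen:
            self._seen.add((line, tech))
            self.findings.append((line, tech, evidence))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # html.parser lowercases attr names
        if tag == "applet":
            self._add("Java applet", "<applet>")
        elif tag in ("object", "embed"):
            mime = a.get("type", "").lower()
            if mime in DEPRECATED_MIME:
                self._add(DEPRECATED_MIME[mime], f"<{tag} type={mime}>")
            # classid="clsid:..." is how ActiveX controls are instantiated.
            if a.get("classid", "").lower().startswith("clsid:"):
                self._add("ActiveX", f"<{tag} classid={a['classid']}>")
            src = (a.get("src") or a.get("data") or "").lower()
            for ext, tech in DEPRECATED_EXT.items():
                if src.endswith(ext):
                    self._add(tech, f"<{tag} src/data={src}>")
        elif tag == "param":
            # <param name="movie" value="x.swf"> inside <object> for Flash.
            val = a.get("value", "").lower()
            for ext, tech in DEPRECATED_EXT.items():
                if val.endswith(ext):
                    self._add(tech, f"<param value={val}>")


def find_legacy_plugins(html: str):
    """Return a list of (line, technology, evidence) for deprecated plugin markup."""
    finder = LegacyPluginFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: applet, ActiveX object (placeholder classid),
# Flash embed, Silverlight object, and one ordinary script that must not be flagged.
SAMPLE_HTML = """<html><body>
<applet code="Legacy.class" width="300" height="200"></applet>
<object classid="clsid:00000000-0000-0000-0000-000000000000" width="400">
  <param name="movie" value="intro.swf">
</object>
<embed type="application/x-shockwave-flash" src="intro.swf">
<object type="application/x-silverlight-2" data="app.xap"></object>
<script src="/static/app.js"></script>
</body></html>"""

if __name__ == "__main__":
    for line, tech, evidence in find_legacy_plugins(SAMPLE_HTML):
        print(f"line {line}: {tech} via {evidence}")
```

The scan only looks at static markup; plugins loaded by script (for example via `document.createElement("object")`) need a runtime check in the browser as well.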

Hi @deFr0ggy, As Elar said, we tend to restrict our outputs to those which are automatically generated. However, if you fancy looking at the python files in [this folder](https://github.com/OWASP/ASVS/tree/master/4.0) and...

It is definitely a Python problem, as it is already exported like that into the CSV text file.

My sincere apologies, I misspoke above. It actually looks correct in a text editor, so it is just in Excel where it looks weird, so I am open to suggestions...

So I think XSSI, CSRF, clickjacking are "[Confused deputy](https://en.wikipedia.org/wiki/Confused_deputy_problem)" and could potentially be classified like that. I think calling them HTTP source validation is a little misleading most of...
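Whatever the category is called, the three attacks named in the comment above share a defence shape: the server decides whether a browser-initiated request was triggered by another origin, and it sets response headers so its content cannot be framed or sniffed into a script. The following is an added example, not code from the ASVS project or this thread; the header names are real browser/HTTP headers, the function names and the lowercase-key header dict are assumptions of this example.

```python
"""Request-side and response-side checks for CSRF, clickjacking and XSSI.
Added example; not ASVS code. Header dicts are assumed to use lowercase keys."""
import json

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def cross_site_request(headers, own_origin):
    """True if the request came from another site, False if same-origin,
    None if no usable signal is present (older client, stripped headers)."""
    own = own_origin.lower()
    # Sec-Fetch-Site is set by the browser and cannot be forged by page script.
    sfs = headers.get("sec-fetch-site")
    if sfs is not None:
        return sfs not in ("same-origin", "none")
    origin = headers.get("origin")
    if origin is not None:
        return origin.lower() != own
    referer = headers.get("referer")
    if referer is not None:
        return not referer.lower().startswith(own + "/")
    return None


def allow_state_change(method, headers, own_origin, csrf_token_ok):
    """CSRF decision for one request: safe methods pass; anything detected as
    cross-site is rejected; everything else still needs a valid synchronizer
    token (defence in depth, since the fetch-metadata headers may be absent)."""
    if method.upper() in SAFE_METHODS:
        return True
    if cross_site_request(headers, own_origin) is True:
        return False
    return bool(csrf_token_ok)


def protective_headers():
    """Response headers against clickjacking (frame-ancestors / X-Frame-Options)
    and against a JSON or text body being sniffed as script (nosniff)."""
    return {
        "Content-Security-Policy": "frame-ancestors 'none'",
        "X-Frame-Options": "DENY",
        "X-Content-Type-Options": "nosniff",
    }


def json_response_body(payload):
    """Serialise JSON so a cross-site <script src=...> include cannot read it:
    wrap in an object (never a bare array) and prefix with an unparseable
    guard that the first-party client strips before json.loads()."""
    return ")]}',\n" + json.dumps({"data": payload})


if __name__ == "__main__":
    # Constructed requests: a forged cross-site POST and a legitimate one.
    forged = {"sec-fetch-site": "cross-site", "origin": "https://attacker.example"}
    legit = {"sec-fetch-site": "same-origin", "origin": "https://app.example"}
    print("forged POST allowed:", allow_state_change("POST", forged, "https://app.example", True))
    print("legit POST allowed: ", allow_state_change("POST", legit, "https://app.example", True))
    print(protective_headers())
    print(json_response_body([1, 2, 3]))
```

The request-side checks are only meaningful for requests that carry ambient credentials (cookies, basic auth); a bearer token that script must attach explicitly is not sent by a cross-site form or image, which is why the confused-deputy framing fits these three and not, say, an injection bug.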