Josh Grossman
Agree with L3

How about:

> Verify that CSP violations are reported and logged as part of the application's standard logging mechanism.

Discussed with @elarlang that "as part of the application's standard logging mechanism." is more of a recommendation anyway rather than a strict control so it isn't really necessary for here....
Waiting for #1947

@set-reminder 3 days Josh to address

Addressed in: https://github.com/OWASP/ASVS/commit/6cf791ff8882aea26fb3cdfad7800bb569d69d50
Hey @ryarmst, like @elarlang says, until the release, it's never too late :)
@ryarmst I think you make some great points.

> I have always understood the intent of this reporting mechanism not to detect potential security issues/events, but to ensure that the...

At this point, I am leaning towards a relatively non-prescriptive L3 requirement. Whilst the definitions are not yet finalized, L3 is always a "stretch goal" and so I don't think...
Why did you reopen @elarlang?
I see this as logging and would prefer to keep it here, especially so as not to overload V50
Requirement history:

| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **1.12.2**...