Josh Grossman

Or is this an architecture thing?

@sydseter I think this is getting to a level of detail that is too deep for ASVS and maybe needs to be moved to a cheatsheet. We have one or...

The concept of documentation requirements has been extensively discussed over the last ~year since we started preparing them including being specifically highlighted and discussed back at the project summit in...

1) Did you mean to rename this issue or a different issue? 2) Can you confirm the level of each of the ones above which you are concerned about?

> No one was ever hacked because of missing documentation. I am currently working with a company who currently have constant AuthZ gaps because they won't maintain a simple confluence...

I am certainly open to discussion on each of these requirements, as I noted above. However, each of these requirements was carefully worded over several iterations and each of them...

> And even now, every single little change I'm suggesting, even when several other volunteers agree with me, is hard to get through. To be fair, just today a bunch...

> I will open more issues soon. Okay cool, would it make sense to close this issue or do you prefer to open your new issues as sub issues of...

There aren't many hills I will die on for ASVS but I will under no circumstances mandate that every L2 app has to support passkeys. The only way you get...

This is a whole load of hassle to start supporting passkeys for no security uplift.