Replies: 1 comment
-
"Publish the point of contact for security reports on your website" integrates with ASVS . |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
MSVP mandates "Publish the point of contact for security reports on your website" within "1.1 Vulnerability reports".
V1 Architecture, Design and Threat Modeling V11 Secure Software Development Lifecycle Requirement 1.1.8 states "[ADDED] Verify availability of a publicly available security.txt file at the root or .well-known directory of the application that clearly defines a link or e-mail address for people to contact owners about security issues.".
Related GitHub issues are https://github.com/OWASP/ASVS/issues?q=is%3Aissue+RFC+9116
Beta Was this translation helpful? Give feedback.
All reactions