Replies: 1 comment
-
Hi @mascotter, we're currently performing a full refactoring of the MASVS. We haven't reached MASVS-ARCH yet so we'll definitely consider your proposal once we are there. If you also have feedback for other categories/controls this is the perfect time to send it. Here you can find the Discussions around the refactoring: https://github.com/OWASP/owasp-masvs/discussions/categories/big-masvs-refactoring
MASVS-STORAGE is currently open for comments and MASVS-PLATFORM will follow very soon.
-
The requirement "1.10 MSTG-ARCH-10 Security is addressed within all parts of the software development lifecycle." is currently an L2 requirement. Addressing security in the whole SDL process should IMO be the very basics of any requirement set or framework.
In addition, the requirement 1.12 stipulates compliancy with privacy laws and regulations already on L1. I cannot imagine how e.g. compliancy against GDPR's privacy and security by design and default can be demonstrated if security is not addressed within all parts of the SDL.