-
-
Notifications
You must be signed in to change notification settings - Fork 638
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider making 10.2.2 Level-1 > modify and move 10.2.2 to 8.3 #1201
Comments
Seems like a V8 requirement, briefly touched in #1005 |
Proposal: move this to 8.3, not sure about level 1 |
I can support a move to 8.x but we need to make this specific to the browser, e.g. contacts are not relevant as that should be an MASVS thing. |
With @tghosth here, the wording is very MASVS and mobile as if we are talking traditional devices, the sensors element don't often come into play as they would do in mobile. I get the GDPR-like want here (8.3) but wouldn't say this needs to be merged into that, it still should prevent unnecessary requesting access to WebRTC and subsequently camera/mic etc. Now do we rely on the browser to control that, as say it does with Chrome where a popup asks user to block/allow or should we go deeper and add a step before that? |
Originally posted by @danielcuthbert in #1468 (comment) |
Opened #1666 to resolve |
Re-open, current requirement:
I think we need to place the requirement to front-end category. We should keep in mind #1755 |
I understand why you are suggesting a V50 but this does seem like a classic, "don't collect too much data" requirement which is why it fits V8 so well. It is also more of a business control than a technical control I think. I'm not sure I agree with moving it to V50. |
Ok, the requirement cooking in #1755 seems to be more V50 material. |
The text was updated successfully, but these errors were encountered: