You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey folks,
Maybe I’ve missed this, but I’ve combed the list looking for an answer and haven’t come up with much. I’ve been trying to update a bunch of my stuff to align with the the new 2.0 document and I’m noticing that the numbering system is off. For example, There is no requirement V1, V6, V12, V14. And within most of the other ones, there are individual requirements missing, V2.3, V2.10, V2.11, and so forth in the other sections too.
I could understand if this was done to keep the requirements in the same slots, as the previous published versions, but even then, from version to version, the same requirements have moved, old V1.5 is now V2.17…
Was there a reason for all of this? On a side note, I’m also happy to help contribute to this project, as I’ve been using this standard for a while, and think it’s important, just let me know how I can help out.
Best Regards,
Gerrit Padgham
The text was updated successfully, but these errors were encountered:
I think the missing gaps are v1.0 -> 2.0 mapping related - i.e. issues that are no longer inspected. I originally had "Deleted" or something there, but I think it may be important to declare why there are gaps (it makes translating v1.0 reports to ASVS 2.0 requirements much easier!).
My reply still stands I think:
Don't really agree with the reason, ASVS 2014 shouldn't be saddled with the burden of 2009 to make a one time thing easier for a few 2009 users IMHO.
Now I can no longer easily verify if a verification contains everything required for that level (instead of checking is 1.1 through 1.7 there, I have to memorise all the numbers per level). Making it easier for an auditor to sneakily leave off 'difficult' requirements or simply forget.
We are adding the missing requirements back, and then putting in a small amount of detail as to what happened to them including when the issues were retired. This will hopefully answer this issue and make it easier for tool users to keep faith with ASVS as we don't change the numbering scheme.
Hey folks,
Maybe I’ve missed this, but I’ve combed the list looking for an answer and haven’t come up with much. I’ve been trying to update a bunch of my stuff to align with the the new 2.0 document and I’m noticing that the numbering system is off. For example, There is no requirement V1, V6, V12, V14. And within most of the other ones, there are individual requirements missing, V2.3, V2.10, V2.11, and so forth in the other sections too.
I could understand if this was done to keep the requirements in the same slots, as the previous published versions, but even then, from version to version, the same requirements have moved, old V1.5 is now V2.17…
Was there a reason for all of this? On a side note, I’m also happy to help contribute to this project, as I’ve been using this standard for a while, and think it’s important, just let me know how I can help out.
Best Regards,
Gerrit Padgham
The text was updated successfully, but these errors were encountered: