Insights: OWASP/ASVS
Overview
36 Pull requests merged by 3 people
-
Asvs various corrections V1 .. V5
#2843 merged
Apr 2, 2025 -
Fix 'it's'→'its' typo
#2841 merged
Mar 31, 2025 -
Fix small issues in contributing and readme
#2839 merged
Mar 31, 2025 -
Update front page to mention RC1
#2838 merged
Mar 31, 2025 -
clarify 16.4.3 / v5.0.be-7.3.5, closes #2832
#2837 merged
Mar 31, 2025 -
few missing symbols here and there
#2836 merged
Mar 31, 2025 -
First draft update of contributing
#2834 merged
Mar 31, 2025 -
Clarify 16.2.1 to resolve #2831
#2835 merged
Mar 31, 2025 -
Clear contributors for now until this can be updated.
#2833 merged
Mar 31, 2025 -
15.2.2 typofix - loss of loss
#2830 merged
Mar 31, 2025 -
#2456 step 1.6 clean-up for modification tags
#2829 merged
Mar 31, 2025 -
update for 14.3.1, closes #2821
#2827 merged
Mar 30, 2025 -
update 7.2.2, closes #2817
#2825 merged
Mar 30, 2025 -
tag fixes
#2824 merged
Mar 30, 2025 -
V15, V16, should > must
#2823 merged
Mar 30, 2025 -
V12, V13, V13, should > must
#2822 merged
Mar 30, 2025 -
v9, v10, v11 - should > must
#2820 merged
Mar 30, 2025 -
Clarify should > must in v8
#2819 merged
Mar 30, 2025 -
Various v6, should > must with some clarifications
#2816 merged
Mar 30, 2025 -
Clarify 7.1.3
#2818 merged
Mar 30, 2025 -
update for 2.2.1 / v5.0.be-11.3.1, closes #2812
#2815 merged
Mar 30, 2025 -
Clarify wording in 1.2.9
#2810 merged
Mar 30, 2025 -
5.2.2, should > must
#2814 merged
Mar 30, 2025 -
3.1.1, should > must
#2813 merged
Mar 30, 2025 -
Clarify wording of 1.2.4
#2809 merged
Mar 30, 2025 -
Rename business logic chapter to resolve #2797
#2808 merged
Mar 30, 2025 -
Add more approved MAC algorithms
#2563 merged
Mar 30, 2025 -
Asvs 2456 step 2 5 and other corrections
#2805 merged
Mar 29, 2025 -
#2456 steps 3.1 and 3.2
#2807 merged
Mar 29, 2025 -
#2456 step 2.4 renumber everything
#2804 merged
Mar 27, 2025 -
#2553 set the actual new world order
#2803 merged
Mar 27, 2025 -
V4 name change
#2801 merged
Mar 27, 2025 -
V50 structure sync
#2799 merged
Mar 27, 2025 -
Rearrange v6 and v9 based on jim feedback to resolve #2796
#2798 merged
Mar 27, 2025 -
Remove LLM chapter to resolve #2792
#2794 merged
Mar 27, 2025 -
Update V6.2 heading to resolve #2790
#2793 merged
Mar 27, 2025
4 Pull requests opened by 1 person
-
Clarify that BLAKE3 has a MAC mode
#2826 opened
Mar 30, 2025 -
Remove KMAC from lists of hash functions because they are actually MAC
#2828 opened
Mar 30, 2025 -
Add AEGIS-128L and AEGIS-256 as approved AEAD
#2842 opened
Mar 31, 2025 -
Normalize 'ID Token' (as per the OIDC specification)
#2849 opened
Apr 2, 2025
20 Issues closed by 4 people
-
Site isolation
#2409 closed
Apr 1, 2025 -
new requirement - cookie partitioned attribute
#2423 closed
Mar 31, 2025 -
OAuth/OIDC - different levels for public and confidential clients
#2637 closed
Mar 31, 2025 -
Device code flow phishing
#2618 closed
Mar 31, 2025 -
16.4.3 / v5.0.be-7.3.5 - can we require logs to be sent to remote systems?
#2832 closed
Mar 31, 2025 -
ask when-where-who-what for logging events (update 16.2.1 / v5.0.be-7.1.4)
#2831 closed
Mar 31, 2025 -
Crypto Appendix - Restrictions on CCM8
#2413 closed
Mar 30, 2025 -
Cryptography - suggested verification of Diffie-Hellman points
#2501 closed
Mar 30, 2025 -
Clarify 14.3.1
#2821 closed
Mar 30, 2025 -
for each requirement - the usage of "must vs should" in the main condition of the requirement
#2554 closed
Mar 30, 2025 -
Approve Poly1305
#2562 closed
Mar 30, 2025 -
Clarify 7.2.2 (previously v5.0.be-3.1.3, v4.0.3-3.5.2)
#2817 closed
Mar 30, 2025 -
Clarify 2.2.1 / v5.0.be-11.3.1 wording
#2812 closed
Mar 30, 2025 -
v5.0.be-5.3.11 / 1.2.9 - csv and formula injection wording
#2811 closed
Mar 30, 2025 -
Rename Business Logic chapter
#2797 closed
Mar 30, 2025 -
Rename V4 Access Control to Authorization
#2795 closed
Mar 30, 2025 -
Reordering chapters
#2553 closed
Mar 27, 2025 -
Consider V6 and V9 section order
#2796 closed
Mar 27, 2025 -
Appendix W: LLM Security
#2792 closed
Mar 27, 2025 -
V6.2 Algorithms - Improve heading name.
#2790 closed
Mar 27, 2025
6 Issues opened by 2 people
-
suggestion regarding Threat modeling in ASVS
#2848 opened
Apr 2, 2025 -
V2 section texts
#2847 opened
Apr 1, 2025 -
clarification for 1.5.2 / v5.0.be-5.5.3
#2846 opened
Apr 1, 2025 -
1.3.8 / v5.0.be-5.2.9 - is it actually a requirement for injection section?
#2845 opened
Apr 1, 2025 -
V1.3 review - is sandboxing a deprecated topic for this
#2844 opened
Apr 1, 2025 -
texts from 3rd person point of view
#2802 opened
Mar 27, 2025
24 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
Section and requirement relevance questions
#1797 commented on
Mar 30, 2025 • 0 new comments -
Feedback about recommended AES modes
#2509 commented on
Mar 30, 2025 • 0 new comments -
Crypto appendix - what about SHA-512/224?
#2448 commented on
Mar 30, 2025 • 0 new comments -
Crypto Appendix - Fix table of approved hash functions
#2446 commented on
Mar 30, 2025 • 0 new comments -
Crypto Appendix - Listed allowed FFDH groups do not include standard FFDH groups for TLS
#2407 commented on
Mar 30, 2025 • 0 new comments -
Appendix Crypto - Allowed mechanisms and requirement levels
#2398 commented on
Mar 30, 2025 • 0 new comments -
Crypto appendix - give alias names for groups
#2374 commented on
Mar 30, 2025 • 0 new comments -
Feedback about approved MAC algorithms
#2513 commented on
Mar 31, 2025 • 0 new comments -
Informative list of tasks and dependencies related to mapping and requirement (re)numbering
#2456 commented on
Mar 31, 2025 • 0 new comments -
ASVS v5.0 release checklist - rough workings
#2555 commented on
Mar 31, 2025 • 0 new comments -
Feedback about approved KEX schemes
#2514 commented on
Mar 31, 2025 • 0 new comments -
v5.0.be-50.7.1 - SRI check for 3rd party content - requirement text and level
#2741 commented on
Mar 31, 2025 • 0 new comments -
Crypto appendix - mention missing mechanisms
#2380 commented on
Mar 31, 2025 • 0 new comments -
V6 - Proper/safe MAC usage (in contrast to digital signatures)
#2310 commented on
Mar 31, 2025 • 0 new comments -
Cryptography - Received comments about CBC
#2494 commented on
Apr 1, 2025 • 0 new comments -
Requirement about key wrapping
#2511 commented on
Apr 1, 2025 • 0 new comments -
v5.0.be-50.3.4 referer leakage
#2789 commented on
Apr 1, 2025 • 0 new comments -
Crypto appendix, simplify introduction
#2447 commented on
Apr 1, 2025 • 0 new comments -
recheck all references from chapters
#2783 commented on
Apr 1, 2025 • 0 new comments -
Crypto appendix AEGIS
#2510 commented on
Apr 1, 2025 • 0 new comments -
Feedback about hash functions
#2512 commented on
Apr 2, 2025 • 0 new comments -
Proposed requirement for COOP: V50.1.x
#2766 commented on
Apr 2, 2025 • 0 new comments -
Proposed requirement for CORP: V50.5.x
#2767 commented on
Apr 2, 2025 • 0 new comments -
Crypto: define mechanism status
#2573 commented on
Apr 1, 2025 • 0 new comments