Crypto appendix, simplify introduction #2447

Open
randomstuff opened this issue Dec 9, 2024 · 3 comments
Labels
  • 1) Discussion ongoing: Issue is opened and assigned but no clear proposal yet
  • AppendixV: Appendix with crypto details
  • _5.0 - Not blocker: This issue does not block 5.0 so if it gets addressed then great, if not then fine.

Comments

@randomstuff
Contributor

Current wording of the cryptographic appendix introduction:

V6 goes beyond simply defining best practices. It aims to enhance understanding of cryptography principles and encourage the adoption of more resilient, modern security methods. This appendix provides detailed technical information regarding each requirement, complementing the overarching standards outlined in V6

I would simplify and just say:

This appendix provides detailed technical information regarding each requirement, complementing the overarching standards outlined in V6.

@randomstuff
Contributor Author

ping @danielcuthbert

@tghosth tghosth added 1) Discussion ongoing Issue is opened and assigned but no clear proposal yet _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine. AppendixV Appendix with crypto details labels Dec 10, 2024
@danielcuthbert
Collaborator

What does the shortened text bring? I'm just trying to understand what the issue was with the original text. Do we need to simplify it?

@randomstuff
Contributor Author

I think I feel the first two sentences are somewhat weird in this context (probably subjective):

  • It starts with a statement about V6 ("V6 goes beyond simply defining best practices"). Maybe this should go into V6 and not in the appendix?
  • "It aims to enhance understanding of cryptography principles". Is this beyond the scope of ASVS in general?
