What is new in version 4.0.2
We are pleased to announce that version 4.0.2 of the ASVS has now been released! Thanks to the project leaders and other contributors for their support in getting this out.
This is not a big release. It makes a number of improvements to v4.0.1 without any actual requirement changes, so anyone using 4.0.1 should be able to smoothly start using 4.0.2.
This document notes some key changes.
The entire OWASP site has changed since 4.0.1 was released, meaning a lot of links were either broken or cumbersome. Various other links were also outdated, and we were able to add some extras as well.
Following a number of requests, some of our contributors kindly prepared a standardized way of referring to ASVS requirements. Hopefully this will make it easier to reference requirements elsewhere without worrying about changes to the standard.
The document generation scripts were a little confusing and did not work entirely. These have been standardized a little and improved, and richer content has been added to the CSV, XML and JSON versions. We now also specifically support generation for multiple languages. We are hoping to further improve this process.
We have updated the contributors list to hopefully include (by proper name wherever possible) everyone who has contributed commits to the 4.x version (including the bleeding edge version) up until now. We have also noted some major contributors who were particularly active.
We have tried to improve the language in the standard to be more inclusive as best we can (see notes here), but we would welcome further ideas.
It was pointed out that there were inconsistencies in acronym usage and capitalization, which we have tried to improve.
Similarly, there were a number of areas where terminology was being used or spelled inconsistently, which we have tried to rectify.
We have also tried to expand the glossary to include more terms used within the standard which may not be immediately obvious. Here as well we would clearly be keen for additional contributions.