Replies: 2 comments
-
This is out of scope of ASVS which does not verify patching. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
"2.6 Dependency Patching" of MVSP is reproduced below:
2.6 Dependency Patching
Apply security patches with a severity score of "medium" or higher, or ensure equivalent mitigations are available for all components of the application stack within one month of the patch release
The parent of this [MVSP] issue is #1151.
Beta Was this translation helpful? Give feedback.
All reactions