Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate NIST "Guidelines on Minimum Standards for Developer Verification of Software" #1039

Closed
11 tasks
cmlh opened this issue Jul 25, 2021 · 4 comments
Closed
11 tasks

Integrate NIST "Guidelines on Minimum Standards for Developer Verification of Software" #1039

cmlh opened this issue Jul 25, 2021 · 4 comments
Assignees
@cmlh @jmanico
Labels
_5.0 - prep This needs to be addressed to prepare 5.0

Comments

@cmlh
Copy link
Contributor

cmlh commented Jul 25, 2021
edited
Loading

Confirm the integration of the recently published (July 2021) "Guidelines on Minimum Standards for Developer Verification of Software" from NIST, specifically their "Recommended Minimum Standard for Developer Testing":

  • Threat Modeling
  • Automated Testing
  • Code-Based, or Static, Analysis
  • Review for Hardcoded Secrets
  • Run with Language-Provided Checks and Protection
  • Black Box Test Cases
  • Code-Based Test Cases
  • Historical Test Cases
  • Fuzzing
  • Web Application Scanning
  • Check Included Software Components
@elarlang
Copy link
Collaborator

Why, and what is your clear proposal?

@elarlang elarlang added the 2) Awaiting response Awaiting a response from the original poster label Aug 5, 2021
@cmlh
Copy link
Contributor Author

cmlh commented Sep 5, 2021

I have updated the placeholder text.

Can @elarlang create a "NIST" Milestone as there will be a number of child issue[s] created against the task list above in addition to other points raised within "Guidelines on Minimum Standards for Developer Verification of Software" please?

I'd also be interested to know if NIST reached out to other ASVS Project Leader[s] @danielcuthbert @jmanico @tghosth @vanderaj et al as there is no reference to ASVS within "Guidelines on Minimum Standards for Developer Verification of Software" please?

@cmlh cmlh mentioned this issue Sep 8, 2021
Closed
@cmlh cmlh mentioned this issue Oct 12, 2021
Closed
@jmanico
Copy link
Member

jmanico commented Oct 23, 2021

This is not a clear issue we can work on. Closing this out.

@jmanico jmanico closed this as completed Oct 23, 2021
@cmlh
Copy link
Contributor Author

cmlh commented Oct 23, 2021

I'm not planning to take an action until the next major/minor release of ASVS after 4.0.2 is published as this will be either a major change or fork @jmanico

@cmlh cmlh mentioned this issue Nov 13, 2021
Closed
@cmlh cmlh mentioned this issue Dec 14, 2021
Closed
@jmanico jmanico added _5.0 - prep This needs to be addressed to prepare 5.0 and removed 2) Awaiting response Awaiting a response from the original poster labels Dec 14, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cmlh cmlh

@jmanico jmanico

Labels
_5.0 - prep This needs to be addressed to prepare 5.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cmlh @jmanico @elarlang