Replies: 2 comments
-
|
Hi @jmanico thanks a lot for your feedback, I totally agree that it's very confusing and open to interpretation. We're currently refactoring the MASVS-STORAGE category. You can find the new proposal here (which should solve the confusion): In that same page there's a spreadsheet linked which includes a detailed view where anyone is welcome to enter comments. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Great work, I'm happy to close this out. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
2.2 No sensitive data should be stored outside of the app container or system credential storage facilities.
This says it's ok to store sensitive data in the app container outside of cred storage or memory.
But 2.13, 2.14, and 2.15 really suggest NOT putting sensitive data anywhere not in memory, not encrypted, or not in the keychain.
So I suggest drop the "app container" part of 2.2, it's misleading.
Beta Was this translation helpful? Give feedback.
All reactions