Open tghosth opened 11 months ago
From my (organizing requirements to sections) point of view, we need to clearly define what kind of requirements should belong to which sections. It could help to solve this as well.
Something like: You need this section when the application uses X functionality / Y technology / Z solution
100% agreed, especially given growing use for app adoption/approval.
Something which comes up constantly is how do we know which requirement/sections of ASVS are relevant to an application.
(Most recently in discussions with the ADA.)
I think it would be good to have a set of questions at the start of each chapter/section to guide someone in whether they need to consider the requirements in that chapter/section.
What do people think?