Open EdOverflow opened 2 years ago
Would it make sense to include a requirement concerning security.txt labelling in images? Some organisations already do this such as Atlassian.
security.txt
LABEL securitytxt=https://www.atlassian.com/.well-known/security.txt
This might fit into the "V1: Organizational" or "V5: Image Distribution" sections.
OWASP Application Security Verification Standard (ASVS) has the requirement listed in their "V1 Architecture, Design and Threat Modeling" section [1, 2].
Would it make sense to include a requirement concerning
security.txt
labelling in images? Some organisations already do this such as Atlassian.This might fit into the "V1: Organizational" or "V5: Image Distribution" sections.
OWASP Application Security Verification Standard (ASVS) has the requirement listed in their "V1 Architecture, Design and Threat Modeling" section [1, 2].