Hi @cpholguera, sorry for the late comment. But it seems it is the last available day for this ;)
I have just realized that MSTG-STORAGE-12 has been removed completely. I understand that the App Privacy (data sharing) aspect will be addressed. But what about "educate the user about ... security best practices the user should follow in using the app"? If this is dropped, there is absolutely nothing in MAS that addresses the problem of users' mistakes, which is one of the main sources of exploits today. At least in mBanking.
IMHO, this topic deserves a dedicated category since the users' mistakes, or rather their exploits via phishing and social engineering, are the weakest chain in the app cybersecurity link today.
Originally posted by @syakymchuk in https://github.com/OWASP/owasp-masvs/discussions/679#discussioncomment-4950950