Overview / Context
The L1 evidence section of the web profile's automated requirements (e.g., Burp Suite test cases) all contain the following guidance:
N/A (to be collected by labs)
This guidance was originally drafted under the assumption that we would have the Labs perform the automated test cases in the background as they were manually reviewing evidence from the other portions of a developer's L1 submission. Based on feedback from the working group, we ultimately made the decision to still permit either self-submitted scan results or lab-provided scan results for these L1 test cases.
Solution
We need to update the L1 evidence section for all of the automated requirements to highlight that they they support either self-submitted evidence or lab-submitted evidence.
Overview / Context The L1 evidence section of the web profile's automated requirements (e.g., Burp Suite test cases) all contain the following guidance:
This guidance was originally drafted under the assumption that we would have the Labs perform the automated test cases in the background as they were manually reviewing evidence from the other portions of a developer's L1 submission. Based on feedback from the working group, we ultimately made the decision to still permit either self-submitted scan results or lab-provided scan results for these L1 test cases.
Solution We need to update the L1 evidence section for all of the automated requirements to highlight that they they support either self-submitted evidence or lab-submitted evidence.