|
| 1 | +--- |
| 2 | + |
| 3 | +date: 2025-04-09 00:00:00-0100 |
| 4 | +categories: blog |
| 5 | +author: Josh Grossman |
| 6 | +author_image: /assets/images/people/josh_grossman_headshot.jpg |
| 7 | +layout: blogpost |
| 8 | +title: ASVS 5.0 RC1 is ready for your review! |
| 9 | +excerpt_separator: <!--more--> |
| 10 | + |
| 11 | +--- |
| 12 | + |
| 13 | +{:style="max-width:800px;float:left;"} |
| 14 | +<BR CLEAR="left"> |
| 15 | + |
| 16 | +## Introduction |
| 17 | + |
| 18 | +We are on the final countdown to the release of the [OWASP Application Security Verification Standard (ASVS)](https://asvs.owasp.org) version 5.0! |
| 19 | + |
| 20 | +This will be a major release with a lot of changes to bring the ASVS up to date and make it more usable. See [here for more information on the guiding principles of the new release](https://github.com/OWASP/ASVS/wiki/Roadmap-to-version-5.0#key-objectives). |
| 21 | + |
| 22 | +We have now released a release candidate version of 5.0 and we are waiting for your feedback! |
| 23 | + |
| 24 | +<!--more--> |
| 25 | + |
| 26 | +## How can I help? |
| 27 | + |
| 28 | +Reading through the release candidate version of ASVS is a great place to start. We would strongly recommend that you use [the markdown version](https://github.com/OWASP/ASVS/tree/master/5.0/en) as we are constantly incorporating updates. There is also a [semi-official web based version](https://asvs.dev/v5.0.draft/0x00-Header/) (maintained by Elar, one of the project leaders) which is kept frequently updated. |
| 29 | + |
| 30 | +A few questions to ask yourself as you review the document: |
| 31 | + |
| 32 | +* If I was a developer or a security tester, would this requirement understandable to me? |
| 33 | +* Can I think of a way of improving front / chapter / section text to add clarity without adding unnecessary content. |
| 34 | + |
| 35 | +Please first log ideas, issues or questions here: <https://github.com/OWASP/ASVS/issues>. It’s helpful to share if you have any ideas or if you find any bugs or typos (but see the extra guidance below). |
| 36 | + |
| 37 | +We may subsequently ask you to open a pull request, <https://github.com/OWASP/ASVS/pulls>, based on the discussion in the issue, if you are willing to do so, or we do that ourselves if you prefer. |
| 38 | + |
| 39 | +After familiarizing yourself with the current version and if you don't have additional questions or feedback, the next area to focus on is the "Issues" section. |
| 40 | + |
| 41 | +The issues to focus on for RC1 are listed here: |
| 42 | + |
| 43 | +<https://github.com/OWASP/ASVS/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22_5.0%20-%20rc1%22> |
| 44 | + |
| 45 | +## What's next |
| 46 | + |
| 47 | +Our very own Elar Lang, the key driving force behind version 5.0, will be presenting at [OWASP Global AppSec EU Barcelona](https://owasp.glueup.com/event/owasp-global-appsec-eu-2025-123983/) about the final 5.0 version so make sure you [check out his session there](https://owasp2025globalappseceu.sched.com/event/1whCc/introducing-the-50-release-of-the-asvs) in the builder track on Friday, 11:30am - 12:15pm. |
| 48 | + |
| 49 | +## Stay in contact |
| 50 | + |
| 51 | +Make sure you hear about chapter draft releases and stay in touch via our social media channels and website: |
| 52 | + |
| 53 | +* Website: <https://asvs.owasp.org> |
| 54 | +* Twitter: <https://twitter.com/OWASP_ASVS> |
| 55 | +* LinkedIn: <https://www.linkedin.com/company/owasp-asvs/> |
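Review bot: line 32 is missing a verb: "would this requirement understandable to me?" should read "would this requirement be understandable to me?", and line 33 is phrased as a question but ends with a period. In line 37, "or we do that ourselves if you prefer" reads better as "or we can do that ourselves if you prefer". Line 13 as shown is a bare attribute list ({:style="max-width:800px;float:left;"}) with no image or other element in front of it for the style to apply to, so please confirm the image reference was not dropped. Line 51 says "chapter draft releases" although this post announces a release candidate; consider rewording it to match.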