Merge pull request #467 from bugcrowd/Non-Corporate-User
Update rec for Non-Corporate User
RRudder authored May 15, 2024
2 parents d7613f2 + 00fcad5 commit 19319a4
Showing 1 changed file with 1 addition and 1 deletion.
@@ -1,6 +1,6 @@
# Recommendation(s)

It is recommended to encrypt sensitive data, including secrets, both when at rest and when in transit. All data that is processed, stored, and transmitted by the application should be classified by business need, regulatory and industry requirements, and appropriate privacy laws.
It is recommended to encrypt secrets belonging to non-corporate users both when at rest and when in transit. All data that is processed, stored, and transmitted by the application should be classified by business need, regulatory and industry requirements, and appropriate privacy laws.

Additionally, it is best practice to not store sensitive data when it is no longer required, as data that is not retained cannot be accessed and used maliciously. All sensitive data including secrets should therefore be a part of a regularly reviewed maintenance cycle. This review cycle should include rotation of secrets.
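Review bot: The reworded first sentence narrows the encryption recommendation to "secrets belonging to non-corporate users", but the unchanged retention paragraph still speaks of "All sensitive data including secrets", so the template now mixes two scopes. Either carry the non-corporate-user wording into the retention and rotation paragraph, or keep a general clause in the first sentence so a reader does not take it to mean that other sensitive data needs no encryption. The rest of that sentence ("All data that is processed, stored, and transmitted ... should be classified") is also generic and could say how the classification applies to a non-corporate user's secret. Minor style point: "both when at rest and when in transit" reads more cleanly as "both at rest and in transit".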
