We suspect the ASVS is presented the way it is, exactly because security is an \emph{emergent property},
and thus security measures should not be regarded as attachments to respective components of an app.
Rather, it should be verified at each stage and level; and thus a checklist is a better presentation.
We suspect the ASVS is presented the way it is, exactly because security is an \emph{emergent property},
and thus security measures should not be regarded as attachments to respective components of an app.
Rather, it should be verified at each stage and level; and thus a checklist is a better presentation.