From 4b0a6624cf22a91c22f7c73f7a8fd6ec49a9d206 Mon Sep 17 00:00:00 2001 From: cynthiabethea <108268296+cynthiabethea@users.noreply.github.com> Date: Thu, 13 Oct 2022 11:01:03 +0100 Subject: [PATCH] DOC-191 Update security standards section (#6851) --- .../sonar-docs/src/pages/user-guide/security-rules.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/server/sonar-docs/src/pages/user-guide/security-rules.md b/server/sonar-docs/src/pages/user-guide/security-rules.md index 2d3fbb09932..36456e385c7 100644 --- a/server/sonar-docs/src/pages/user-guide/security-rules.md +++ b/server/sonar-docs/src/pages/user-guide/security-rules.md 
@@ -23,9 +23,13 @@ With Hotspots, we want to help developers understand information security risks, ## Which security-standards are covered? Our security rules are classified according to well-established security-standards such as: -* [CWE](https://cwe.mitre.org/): SonarQube is a CWE compatible product [since 2015](https://cwe.mitre.org/compatible/questionnaires/33.html). -* [OWASP Top 10 ](https://www.owasp.org/index.php/Top_10-2017_Top_10)) -* [SANS Top 25 - outdated](https://www.sans.org/top25-software-errors/) +* [CWE Top 25](https://cwe.mitre.org/top25/): SonarQube is a CWE compatible product [since 2015](https://cwe.mitre.org/compatible/questionnaires/33.html). +* [PCI DSS](https://www.pcisecuritystandards.org/) (versions 4.0 and 3.2.1) +* [OWASP Top 10 ](https://owasp.org/Top10/) +* [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/) (version 4.0) + +[[warning]] +| The SANS Top 25 report is based on outdated statistics and should no longer be used. Instead, we recommend using the CWE Top 25 reports. The standards to which a rule relates will be listed in the **See** section at the bottom of the rule description. More generally, you can search for a rule on [rules.sonarsource.com](https://rules.sonarsource.com/): * [Java-vulnerability-issue-type](https://rules.sonarsource.com/java/type/Vulnerability): all vulnerability rules for Java language. -- 2.39.5
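Review bot: the first bullet narrows the link from CWE (the removed `[CWE](https://cwe.mitre.org/)`) to `[CWE Top 25](https://cwe.mitre.org/top25/)` while keeping the sentence "SonarQube is a CWE compatible product since 2015", which describes compatibility with CWE as a whole rather than with the Top 25 subset; consider keeping a plain CWE entry and listing the CWE Top 25 as a separate bullet, so the warning's pointer to "the CWE Top 25 reports" still has an obvious target and the compatibility claim is attached to the standard it actually refers to. A smaller style point on the same hunk: the OWASP Top 10 bullet carries over the trailing space inside the link text from the removed line (`[OWASP Top 10 ](https://owasp.org/Top10/)`); dropping it keeps the rendered link text consistent with the other bullets.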