From 63b5768061c64667e09066fbbb2182ae1fd9ec6e Mon Sep 17 00:00:00 2001 From: Adam Shostack <1176137+adamshostack@users.noreply.github.com> Date: Tue, 25 Jun 2019 09:36:20 -0700 Subject: [PATCH] Changed ACL to permission --- cards.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cards.yaml b/cards.yaml index b05308d..74cb2cc 100644 --- a/cards.yaml +++ b/cards.yaml @@ -46,7 +46,7 @@ suits: 7: An attacker can bypass permissions because you don't make names canonical before checking access permissions 8: An attacker can manipulate data because there's no integrity protection for data on the network 9: An attacker can provide or control state information - 10: An attacker can alter information in a data store because it has weak ACLs or includes a group which is equivalent to everyone ("anyone with a Facebook account") + 10: An attacker can alter information in a data store because it has weak/open permissions or includes a group which is equivalent to everyone ("anyone with a Facebook account") J: An attacker can write to some resource because permissions are granted to the world or there are no ACLs Q: An attacker can change parameters over a trust boundary and after validation (for example, important parameters in a hidden field in HTML, or passing a pointer to critical memory) K: An attacker can load code inside your process via an extension point
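Review bot: Card J in the trailing context of this hunk still reads "or there are no ACLs", so after the change to card 10 the two adjacent cards use different terms for the same access-control concept. If the intent of "Changed ACL to permission" is to move to the more general term, consider updating J in the same patch, or note in the commit message why J keeps the ACL wording. In the new card 10 text, "weak/open permissions" would read more clearly as "weak or open permissions", which also makes it plain that both the overly broad grant and the missing restriction are in scope.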