API definition uses the 'x-42c-accept-empty-security' extension

Issue ID: v3_1-warning-x-42c-accept-empty-security-used

Description

The API definition has the vendor extension x-42c-accept-empty-security defined. While there are perfectly legitimate use cases for it, it can be dangerous if used in a wrong place.

The extension allows empty security requirements (security: []) to be used to indicate that an API operation does not require authentication, without Security Audit flagging them as issues and lowering the audit score. However, the extension is always applied at the global level to the whole API, so it affects every operation in it. Once you allow empty security requirements, Security Audit treats all empty security requirements as intentional omissions rather than mistakes, so you cannot rely on the audit to catch any that you simply forgot to fill in.

For more details, see the documentation for the x-42c-accept-empty-security extension.

Remediation

When using x-42c-accept-empty-security, make sure that security requirements are left empty only for operations where authentication really is not needed.
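Because the audit no longer reports empty security requirements once the extension is set, the review in the remediation above has to be done by hand or by a check of your own. The following script is an added example, not part of this page or of 42Crunch tooling: it resolves the effective security of every operation under OpenAPI 3.x rules (operation-level security overrides the global list) and reports any operation open to anonymous callers that is not on an allow-list of endpoints you have reviewed. The sample definition is constructed, and the boolean value given to the extension is an assumption.

```python
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

def effective_security(spec, operation):
    """Security requirements that apply to one operation (OpenAPI 3.x rules)."""
    # An operation-level 'security' overrides the global list, so 'security: []'
    # on an operation disables authentication for that operation only.
    if "security" in operation:
        return operation["security"]
    return spec.get("security", [])

def allows_anonymous(requirements):
    """True when the requirement list permits unauthenticated calls."""
    # Empty list, or an empty requirement object ({}) in the list, which OpenAPI 3.x
    # defines as "security optional" (anonymous calls are accepted).
    return not requirements or any(req == {} for req in requirements)

def unauthenticated_operations(spec):
    """Return 'METHOD /path' for every operation that needs no authentication."""
    found = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            operation = item.get(method)
            if operation is not None and allows_anonymous(effective_security(spec, operation)):
                found.append(f"{method.upper()} {path}")
    return found

def unexpected_unauthenticated(spec, allowed):
    """Open operations that are not on the reviewed allow-list of public endpoints."""
    return [op for op in unauthenticated_operations(spec) if op not in allowed]

# Constructed sample definition (not from the page); the extension's value form is assumed.
SAMPLE_SPEC = {
    "openapi": "3.1.0",
    "info": {"title": "Sample API", "version": "1.0.0"},
    "x-42c-accept-empty-security": True,
    "security": [{"apiKey": []}],
    "components": {"securitySchemes": {"apiKey": {"type": "apiKey", "in": "header", "name": "X-API-Key"}}},
    "paths": {
        "/health": {"get": {"security": [], "responses": {"200": {"description": "ok"}}}},
        "/users": {
            "get": {"security": [], "responses": {"200": {"description": "ok"}}},
            "post": {"responses": {"201": {"description": "created"}}},
        },
    },
}

if __name__ == "__main__":
    # /health is intentionally public; the empty requirement on GET /users was forgotten.
    for op in unexpected_unauthenticated(SAMPLE_SPEC, allowed={"GET /health"}):
        print("review:", op, "has no security requirement")
```

Running it on the sample reports only GET /users, since /health is on the allow-list and POST /users inherits the global apiKey requirement.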