W3C home > Mailing lists > Public > public-w3process@w3.org > November 2014

Re: Require security review before FPWD

From: fantasai <fantasai.lists@inkedblade.net>
Date: Sun, 02 Nov 2014 20:33:58 -0800
Message-ID: <545705B6.3020009@inkedblade.net>
To: Jeff Jaffe <jeff@w3.org>, Anne van Kesteren <annevk@annevk.nl>
CC: Philippe Le Hegaret <plh@w3.org>, public-w3process <public-w3process@w3.org>
On 11/02/2014 07:41 PM, Jeff Jaffe wrote:
>
> Mind you, I have no strong objection to the proposal; just discussing whether it is most effective. More effective would be to
> raise the level of understanding and training among spec writers to be constantly security aware.

I think having a questionnaire, as Anne suggested, filled out prior to FPWD,
might be helpful. Other cross-WG review groups could also provide a standard
questionnaire that prompts tech designers to think about the implications of
the technology they're designing and fix any common mistakes prior to FPWD.

I don't think requiring WebSec review prior to FPWD is ideal schedule-wise,
but having it trigger a WebSec review seems reasonable.

(You don't even have to modify the process for any of this, just create the
questionnaires and educate the staff contacts about using them...)

~fantasai
Received on Monday, 3 November 2014 04:34:28 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:35:12 UTC