- From: fantasai <fantasai.lists@inkedblade.net>
- Date: Thu, 30 Oct 2014 15:49:05 -0700
- To: public-w3process@w3.org
On 10/30/2014 10:46 AM, Anne van Kesteren wrote: > On Thu, Oct 30, 2014 at 6:32 PM, Chris Wilson <cwilso@google.com> wrote: >> In general, I'm in agreement that security should be considered early; since >> FPWD is the only place you can make sure it's "early", I might agree with >> this, but what would you consider a "security review"? Are there specific >> people you'd want involved, signoff from someone particular, or simply a >> "security review" section in the FPWD doc? Specific questions like "why >> don't you require TLS (if you don't)?" > > Probably specific questions would work best, combined with review from > the WebAppSec community. +1 from me. Seems totally reasonable. Would you require the review from WebAppSec prior to FPWD publication, or trigger it by FPWD publication? ~fantasai
Received on Thursday, 30 October 2014 22:49:34 UTC