[Bug 22256] New: Add a note regarding first line of defense. from bugzilla@jessica.w3.org on 2013-06-04 (public-webappsec@w3.org from June 2013)

From: <bugzilla@jessica.w3.org>
Date: Tue, 04 Jun 2013 02:20:45 +0000
To: public-webappsec@w3.org
Message-ID: <bug-22256-4874@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=22256

            Bug ID: 22256
           Summary: Add a note regarding first line of defense.
    Classification: Unclassified
           Product: WebAppsSec
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: CSP
          Assignee: w3c@adambarth.com
          Reporter: glenn@skynav.com
        QA Contact: dave.null@w3.org
                CC: mike@w3.org, public-webappsec@w3.org

The introduction contains the following:

"Content Security Policy (CSP) is not intended as a first line of defense
against content injection vulnerabilities."

For those readers not familiar with the details of secure programming, it would
be useful to add a Note referring to some work(s) that address the "first
line[s] of defense".

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Tuesday, 4 June 2013 02:20:50 UTC