[webappsec] CfC: Draft charter for review, ends 21-Dec-2016

This is a Call for Consensus to send a re-charter proposal for the
WebAppSec WG to the AC.  This Call for Consensus will end at the next
regularly scheduled meeting of the WG on December 21st.

Please send comments to public-webappsec@w3.org

Thanks to Wendy for getting this started.  I believe I've added all specs
in progress, but please review and run this by your legal teams:

https://rawgit.com/w3c/webappsec/master/admin/webappsec-charter-2017.html

Pull requests welcome at but please cc: the list.

https://github.com/w3c/webappsec/blob/master/admin/webappsec-charter-2017.html

Additions in overall scope from previous charter:

Vulnerability Mitigation
* Vulnerabilities are inevitable in sufficiently complex applications. Th
WG will work on mechanisms to reduce the scope, exploitability and impact
of common vulnerabilites and vulnerability classes in web applications,
especially script injection / XSS.

Attack Surface Reduction
* Replace or augment injection-prone APIs in the browser with safer
alternatives using strategies such as sanitization, strict contextual
autoescaping, and other validation and encoding strategies currently
employed by server-side code.

The Web Security Model
* The WG may be called on to advise other WGs or the TAG on the fundamental
security model of the Web Platform and may produce Recommendations towards
the advancement of, or addressing legacy issues with, the model, such as
mitigating cross-origin data leaks or side channel attacks.

Thank you,

Brad Hill

Received on Wednesday, 14 December 2016 19:08:03 UTC