- From: Jeffrey Yasskin via WBS Mailer <sysbot+wbs@w3.org>
- Date: Mon, 09 Sep 2024 16:15:02 +0000
- To: public-review-comments@w3.org
- CC: jyasskin@google.com
The following answers have been successfully submitted to 'Call for Review: Security Interest Group Charter' (Advisory Committee) for Google LLC by Jeffrey Yasskin.

The reviewer's organization suggests changes to this Charter, but supports the proposal whether or not the changes are adopted.

Additional comments about the proposal:

We are eager to see a dedicated horizontal review group for security.

We're concerned that the large number of security groups (WebAppSec WG, SWAG CG, Threat Modeling CG, and now this IG) will mean the Web's security experts don't have enough time to spend on each. We don't think that should delay this group's creation, but if the security experts appear to be spread too thin once the groups spin up, all the groups' chairs should be prepared to combine meetings or otherwise work together to focus on the most important parts of the problem.

As with the Architecture (https://w3ctag.github.io/design-principles/), Privacy (https://w3ctag.github.io/privacy-principles/), Accessibility (https://www.w3.org/TR/wcag-3.0/), and Internationalization (https://www.w3.org/TR/international-specs/) horizontal review areas, we think this new horizontal review group needs to be in charge of documenting the security principles that it expects to enforce in its horizontal reviews. The "Threat Modeling guide" deliverable is close to this, but "generic threat modeling elements" and "threats of different types" aren't specific enough to describe the particular threats to web sites and users that this group will be ensuring that new specifications defend against.

We've sent https://github.com/w3c/charter-drafts/pull/583 to give an example of the language that we think would cover this, although we're not tied to that particular language.

The reviewer's organization intends to participate in these groups:

- Security Interest Group

Answers to this questionnaire can be set and changed at https://www.w3.org/2002/09/wbs/33280/sing/ until 2024-09-09.

Regards,

The Automatic WBS Mailer

Received on Monday, 9 September 2024 16:15:03 UTC