- From: Simone Onofri <simone@w3.org>
- Date: Tue, 6 Jan 2026 17:36:21 +0100
- To: public-security@w3.org
Dear Group, This is a Call for Consensus (CfC) for the Group publishing the “Threat Modeling Guide” and for enabling autopublish. [[ This document describes when, why, and how to perform threat modeling during the development of a specification at the World Wide Web Consortium (W3C). This is designed to help standards developers understand threats and countermeasures from the beginning of standard development and to document the model in the security considerations section. ]] During the 2026-01-06 meeting, the participants had already agreed. To ensure everyone has an opportunity to weigh in, this will serve as a record of the group's decision, one way or another. The deliverable is available for inspection here: https://w3c.github.io/threat-modeling-guide/ In response, please state one of the following: * I support the publishing of the "Threat Modeling Guide”. * I do not support the publishing of the "Threat Modeling Guide”, but it's fine if we decide to proceed * I object to the adoption of the "Threat Modeling Guide” due to Issues filed in the open issue <#number> of the securityig repository If there are no further objections, we will confirm the decision by February 21, 2025, at midnight Pacific time. Just so you know, if the deliverable is published, it will be marked as a First Group Note Draft, which does not imply W3C endorsement. Please respond by 2026-01-14; at that point, this CfC will be closed. Thank you, Simone
Received on Tuesday, 6 January 2026 16:36:54 UTC