Re: Require security review before FPWD

On 11/02/2014 07:41 PM, Jeff Jaffe wrote:
>
> Mind you, I have no strong objection to the proposal; just discussing whether it is most effective. More effective would be to
> raise the level of understanding and training among spec writers to be constantly security aware.

I think having a questionnaire, as Anne suggested, filled out prior to FPWD,
might be helpful. Other cross-WG review groups could also provide a standard
questionnaire that prompts tech designers to think about the implications of
the technology they're designing and fix any common mistakes prior to FPWD.

I don't think requiring WebSec review prior to FPWD is ideal schedule-wise,
but having it trigger a WebSec review seems reasonable.

(You don't even have to modify the process for any of this, just create the
questionnaires and educate the staff contacts about using them...)

~fantasai

Received on Monday, 3 November 2014 04:34:28 UTC