- From: fantasai <fantasai.lists@inkedblade.net>
- Date: Sun, 02 Nov 2014 20:33:58 -0800
- To: Jeff Jaffe <jeff@w3.org>, Anne van Kesteren <annevk@annevk.nl>
- CC: Philippe Le Hegaret <plh@w3.org>, public-w3process <public-w3process@w3.org>
On 11/02/2014 07:41 PM, Jeff Jaffe wrote: > > Mind you, I have no strong objection to the proposal; just discussing whether it is most effective. More effective would be to > raise the level of understanding and training among spec writers to be constantly security aware. I think having a questionnaire, as Anne suggested, filled out prior to FPWD, might be helpful. Other cross-WG review groups could also provide a standard questionnaire that prompts tech designers to think about the implications of the technology they're designing and fix any common mistakes prior to FPWD. I don't think requiring WebSec review prior to FPWD is ideal schedule-wise, but having it trigger a WebSec review seems reasonable. (You don't even have to modify the process for any of this, just create the questionnaires and educate the staff contacts about using them...) ~fantasai
Received on Monday, 3 November 2014 04:34:28 UTC