Re: Require security review before FPWD

On 11/02/2014 07:41 PM, Jeff Jaffe wrote:
> Mind you, I have no strong objection to the proposal; just discussing whether it is most effective. More effective would be to
> raise the level of understanding and training among spec writers to be constantly security aware.

I think having a questionnaire, as Anne suggested, filled out prior to FPWD,
might be helpful. Other cross-WG review groups could also provide a standard
questionnaire that prompts tech designers to think about the implications of
the technology they're designing and fix any common mistakes prior to FPWD.

I don't think requiring WebSec review prior to FPWD is ideal schedule-wise,
but having it trigger a WebSec review seems reasonable.

(You don't even have to modify the process for any of this, just create the
questionnaires and educate the staff contacts about using them...)


Received on Monday, 3 November 2014 04:34:28 UTC