W3C home > Mailing lists > Public > public-w3process@w3.org > October 2014

Re: Require security review before FPWD

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 30 Oct 2014 18:46:57 +0100
Message-ID: <CADnb78gj5nofSGSvGtzNY0OtEW0AGpwW7Kyhw5oO57osTRRg5g@mail.gmail.com>
To: Chris Wilson <cwilso@google.com>
Cc: public-w3process <public-w3process@w3.org>
On Thu, Oct 30, 2014 at 6:32 PM, Chris Wilson <cwilso@google.com> wrote:
> In general, I'm in agreement that security should be considered early; since
> FPWD is the only place you can make sure it's "early", I might agree with
> this, but what would you consider a "security review"?  Are there specific
> people you'd want involved, signoff from someone particular, or simply a
> "security review" section in the FPWD doc?  Specific questions like "why
> don't you require TLS (if you don't)?"

Probably specific questions would work best, combined with review from
the WebAppSec community.

Received on Thursday, 30 October 2014 17:47:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:51:22 UTC