- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 30 Oct 2014 18:46:57 +0100
- To: Chris Wilson <cwilso@google.com>
- Cc: public-w3process <public-w3process@w3.org>
On Thu, Oct 30, 2014 at 6:32 PM, Chris Wilson <cwilso@google.com> wrote: > In general, I'm in agreement that security should be considered early; since > FPWD is the only place you can make sure it's "early", I might agree with > this, but what would you consider a "security review"? Are there specific > people you'd want involved, signoff from someone particular, or simply a > "security review" section in the FPWD doc? Specific questions like "why > don't you require TLS (if you don't)?" Probably specific questions would work best, combined with review from the WebAppSec community. -- https://annevankesteren.nl/
Received on Thursday, 30 October 2014 17:47:25 UTC