Re: Require security review before FPWD

On Thu, Oct 30, 2014 at 6:32 PM, Chris Wilson <cwilso@google.com> wrote:
> In general, I'm in agreement that security should be considered early; since
> FPWD is the only place you can make sure it's "early", I might agree with
> this, but what would you consider a "security review"?  Are there specific
> people you'd want involved, signoff from someone particular, or simply a
> "security review" section in the FPWD doc?  Specific questions like "why
> don't you require TLS (if you don't)?"

Probably specific questions would work best, combined with review from
the WebAppSec community.


-- 
https://annevankesteren.nl/

Received on Thursday, 30 October 2014 17:47:25 UTC