- From: Adam Barth <w3c@adambarth.com>
- Date: Sat, 24 Oct 2009 10:03:16 -0700
- To: Doug Schepers <schepers@w3.org>
- Cc: Jonathan Rees <jar@creativecommons.org>, Maciej Stachowiak <mjs@apple.com>, "Mark S. Miller" <erights@google.com>, Anne van Kesteren <annevk@opera.com>, "Henry S. Thompson" <ht@inf.ed.ac.uk>, Jonas Sicking <jonas@sicking.cc>, Arthur Barstow <Art.Barstow@nokia.com>, public-webapps <public-webapps@w3.org>

On Fri, Oct 23, 2009 at 10:34 PM, Doug Schepers <schepers@w3.org> wrote:
> Sorry for being dense, but why couldn't the whitehats build toy systems on
> an open honeynet?

They could, but what would we learn from such an experiment? If they build only secure systems, then we'd learn that security experts can build secure systems, which is somewhat unsurprising. If they build insecure systems, then we'd learn that it is possible to build insecure systems, which we know already.

The real question hinges around what sorts of systems real developers will build given CORS as a tool and whether we can prod them into building more secure systems by changing the API. There isn't really a way for us to answer that question in our ivory tower because it revolves around who writes blog posts about what, and how good the sample code is that people start copying and pasting.

I suspect we could do much more for the security of the web by writing up good tutorials and example code for using CORS than we could by tweaking various parts of the specification at this point.

Adam

Received on Saturday, 24 October 2009 17:04:12 UTC