[CSP] why we do it! from Kevin Hill on 2014-09-08 (public-webappsec@w3.org from September 2014)

From: Kevin Hill <khill@microsoft.com>
Date: Mon, 8 Sep 2014 19:42:37 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <7c0f6b5425dd4ba58aa946bc4b766fd1@SN2PR03MB031.namprd03.prod.outlook.com>

I found a couple of great articles that are relevant to CSP.  Not necessarily spec related, but as all the companies think about adoption of CSP policies on the web these articles help remind me of why this work is important.

Great write up by Yelp:
http://engineeringblog.yelp.com/2014/09/csp_reports_at_scale.html

Great reason why we need CSP:
http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/

I thought I'd ask the question to this group, how many people have plans to implement CSP within their services current?  Yes, I am working on one here at Microsoft.  Hoping to share successes and challenges more broadly if possible.

Best regards,

Kevin Hill

Received on Monday, 8 September 2014 19:43:07 UTC