W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2014

[CSP] why we do it!

From: Kevin Hill <khill@microsoft.com>
Date: Mon, 8 Sep 2014 19:42:37 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <7c0f6b5425dd4ba58aa946bc4b766fd1@SN2PR03MB031.namprd03.prod.outlook.com>
I found a couple of great articles that are relevant to CSP.  Not necessarily spec related, but as all the companies think about adoption of CSP policies on the web these articles help remind me of why this work is important.

Great write up by Yelp:
http://engineeringblog.yelp.com/2014/09/csp_reports_at_scale.html

Great reason why we need CSP:
http://arstechnica.com/tech-policy/2014/09/why-comcasts-javascript-ad-injections-threaten-security-net-neutrality/

I thought I'd ask the question to this group, how many people have plans to implement CSP within their services current?  Yes, I am working on one here at Microsoft.  Hoping to share successes and challenges more broadly if possible.

Best regards,

Kevin Hill
Received on Monday, 8 September 2014 19:43:07 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:06 UTC