RE: Securing the security reviews in W3C - how to proceed ?

Dear all,

Thanks for sharing your thoughts about the way we could improve security reviews in W3C. I heard that having tools allowing autonomy of the groups, together with having a small group of security experts (support when groups are not autonomous) could be the right combination.

I suggest that we discuss that topic in a Web Security IG call in September [1]. The poll to indicate your availability and help me find the most appropriate timing is here: http://doodle.com/poll/yi53mytpyfrkqb6d. Thanks for answering before the 2nd of September.

Regards,
Virginie


[1] https://lists.w3.org/Archives/Public/public-web-security/2016Aug/0001.html


-----Original Message-----
From: GALINDO Virginie [mailto:Virginie.Galindo@gemalto.com]
Sent: Thursday, 21 July 2016 16:34
To: www-tag@w3.org; public-webappsec@w3.org
Cc: Wendy Seltzer <wseltzer@w3.org>; Samuel Weiler <weiler@w3.org>
Subject: Securing the security reviews in W3C - how to proceed ?

Dear all,

As you know, W3C members recently expressed that security was a major topic for the open web platform [1]. Performing security reviews on future recommendations is one possible way to make sure the open web platform stays a secure platform. This email is to get feedback from you and the security community:
- if you believe that creating a pool of security experts, collectively in charge of performing security reviews, is a reasonable way to achieve that - this is the way IETF is proceeding today,
- give a chance to declare your interest in participating in this pool of experts, if it were to be created,
- get from you any idea that would help improve the security review efficiency.

Thanks for jumping into that thread if you believe you can help with improving security reviews in W3C!

Regards,
Virginie Galindo
Web Security IG chair and W3C AB member
Twitter : @poulpita


[1] W3C Highlights and Advisory Committee meeting https://www.w3.org/blog/2016/03/w3c-highlights-and-advisory-committee-meeting/

________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Received on Wednesday, 24 August 2016 21:02:23 UTC