- From: Brad Hill <hillbrad@gmail.com>
- Date: Wed, 14 Dec 2016 19:07:20 +0000
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAEeYn8iaP_pRHQ9tbXjer-_aVxLXwxVHRC46o4=Bpof9ZSBRpg@mail.gmail.com>

This is a Call for Consensus to send a re-charter proposal for the WebAppSec WG to the AC. This Call for Consensus will end at the next regularly scheduled meeting of the WG on December 21st.

Please send comments to public-webappsec@w3.org

Thanks to Wendy for getting this started. I believe I've added all specs in progress, but please review and run this by your legal teams:

https://rawgit.com/w3c/webappsec/master/admin/webappsec-charter-2017.html

Pull requests welcome at but please cc: the list.

https://github.com/w3c/webappsec/blob/master/admin/webappsec-charter-2017.html

Additions in overall scope from previous charter:

Vulnerability Mitigation

* Vulnerabilities are inevitable in sufficiently complex applications. The WG will work on mechanisms to reduce the scope, exploitability and impact of common vulnerabilities and vulnerability classes in web applications, especially script injection / XSS.

Attack Surface Reduction

* Replace or augment injection-prone APIs in the browser with safer alternatives using strategies such as sanitization, strict contextual autoescaping, and other validation and encoding strategies currently employed by server-side code.

The Web Security Model

* The WG may be called on to advise other WGs or the TAG on the fundamental security model of the Web Platform and may produce Recommendations towards the advancement of, or addressing legacy issues with, the model, such as mitigating cross-origin data leaks or side channel attacks.

Thank you,

Brad Hill

Received on Wednesday, 14 December 2016 19:08:03 UTC