W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2016

Re: Securing the security reviews in W3C - how to proceed ?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 21 Jul 2016 16:49:32 +0200
Message-ID: <CADnb78gphYU2D03YkMrozBsQrZ+H4Yxh-1hs=cuMt_3UtwHfng@mail.gmail.com>
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Cc: "www-tag@w3.org" <www-tag@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>
On Thu, Jul 21, 2016 at 4:34 PM, GALINDO Virginie
<Virginie.Galindo@gemalto.com> wrote:
> Thanks for jumping in that thread if you believe you can help with improving security reviews in W3C !

I think increasing the overall security competence and understanding
of the same-origin policy, through self-review and learning, is much
more important than delegating the task to a pool of "experts". The
idea of having "accessibility", "internationalization", and now
"security" pillars has proven not to scale and has done more harm than
good. It's good to have communities where you can go for help, but
making them responsible doesn't really work.

Received on Thursday, 21 July 2016 14:50:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:56 UTC