On Friday, January 3, 2014 at 7:18 PM, Harry Halpin wrote:

> On Fri, Jan 3, 2014 at 10:11 AM, Marcos Caceres <w3c@marcosc.com> wrote:
> >
> > On Friday, January 3, 2014 at 6:42 PM, Harry Halpin wrote:
> >
> > > Thus, it would be great if someone with real-world Web and Internet
> > > security experience ran for the TAG. Or was even offered to the W3C as
> > > a Fellow :)
> >
> > Harry Halpin, FTW? :)
>
> Currently, the W3C staff does not have a security expert given the
> departure of Thomas Roessler and there are very few people that are
> really qualified: have the years of experience with industrial-scale
> deployment, threat models, etc. really needed given the urgency of the
> situation.
>
> While I think W3C can co-operate effectively with the IETF and other
> bodies - along with the great amounts of expertise and talented
> individuals in WebAppSec and WebCrypto WGs - to provide security
> reviews of specs, having security expertise on the TAG is one way to
> strengthen the W3C in this regard.

Yeah, it wouldn’t hurt - but anyone is free to review the specs irrespective of the TAG (in the last year, I think the TAG only managed to review maybe 5 specs - and only 2-3 in any real depth). Having someone dedicated to security on the TAG would hardly make that much of an impact, as TAG members really only put in a few hours a week at best (unfortunately, TAG members also have their day jobs). I guess the TAG could somehow connect WG/Editors with the right security experts… but that could - and should - happen independently of the TAG.

--
Marcos Caceres

Received on Friday, 3 January 2014 09:28:15 UTC