- From: Marcos Caceres <w3c@marcosc.com>
- Date: Fri, 3 Jan 2014 19:27:36 +1000
- To: Harry Halpin <hhalpin@ibiblio.org>
- Cc: Robin Berjon <robin@w3.org>, Brian Kardell <bkardell@gmail.com>, Michael Smith <mike@w3.org>, "www-tag@w3.org" <www-tag@w3.org>
On Friday, January 3, 2014 at 7:18 PM, Harry Halpin wrote:

> On Fri, Jan 3, 2014 at 10:11 AM, Marcos Caceres <w3c@marcosc.com (mailto:w3c@marcosc.com)> wrote:
> >
> > On Friday, January 3, 2014 at 6:42 PM, Harry Halpin wrote:
> >
> > > Thus, it would be great if someone with real-world Web and Internet
> > > security experience ran for the TAG. Or was even offered to the W3C as
> > > a Fellow :)
> >
> > Harry Halpin, FTW? :)
>
> Currently, the W3C staff does not have a security expert given the
> departure of Thomas Roessler and there are very few people that are
> really qualified: have the years of experience with industrial-scale
> deployment, threat models, etc. really needed given the urgency of the
> situation.
>
> While I think W3C can co-operate effectively with the IETF and other
> bodies - along with the great amounts of expertise and talented
> individuals in WebAppSec and WebCrypto WGs - to provide security
> reviews of specs, having security expertise on the TAG is one way to
> strengthen the W3C in this regard.

Yeah, it wouldn’t hurt - but anyone is free to review the specs irrespective of the TAG (in the last year, I think the TAG only managed to review maybe 5 specs - and only 2-3 in any real depth). Having someone dedicated to security on the TAG would hardly make that much of an impact, as TAG members really only put in a few hours a week at best (unfortunately, TAG members also have their day jobs). I guess the TAG could somehow connect WG/Editors with the right security experts… but that could - and should - happen independently of the TAG.

--
Marcos Caceres

Received on Friday, 3 January 2014 09:28:15 UTC