W3C home > Mailing lists > Public > www-tag@w3.org > July 2016

Re: Securing the security reviews in W3C - how to proceed ?

From: Léonie Watson <tink@tink.uk>
Date: Thu, 21 Jul 2016 16:43:50 +0100
To: Anne van Kesteren <annevk@annevk.nl>, GALINDO Virginie <Virginie.Galindo@gemalto.com>
Cc: "www-tag@w3.org" <www-tag@w3.org>, "public-webappsec@w3.org" <public-webappsec@w3.org>, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>
Message-ID: <a465bc39-0ba3-aab4-4304-6affdc6a2da5@tink.uk>
On 21/07/2016 15:49, Anne van Kesteren wrote:
> On Thu, Jul 21, 2016 at 4:34 PM, GALINDO Virginie
> <Virginie.Galindo@gemalto.com> wrote:
>> Thanks for jumping in that thread if you believe you can help with improving security reviews in W3C !
>
> I think increasing the overall security competence and understanding
> of the same-origin policy, through self-review and learning, is much
> more important than delegating the task to a pool of "experts". The
> idea of having "accessibility", "internationalization", and now
> "security" pillars has proven not to scale and has done more harm than
> good. It's good to have communities where you can go for help, but
> making them responsible doesn't really work.

+1 (and then some).

We have this problem with accessibility. We spent too long doing 
accessibility for other people, instead of helping them to do it for 
themselves.

We now recognise this isn't sustainable, and we're trying to educate 
people, and to create tools that make it easier to incorporate 
accessibility into a project lifecycle. We're also trying to support 
people as they gain the skills they need.
Léonie.


-- 
@LeonieWatson tink.uk Carpe diem
Received on Thursday, 21 July 2016 15:45:41 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 21 July 2016 15:45:42 UTC