- lots of support for a standard "Security considerations" section in reference docs, like we have for accessibility
- what are the key front-end (FE) security concerns, and what is their impact? Most people are not security experts, and even a basic checklist (5 things to be careful about) would be a big step forward for most of them
- the security community has terms of art and some gatekeeping. We should aim to make security more accessible to people, and not act like it is someone else's problem.
- can we incorporate security advice inside IDEs and devtools?
- can we have demos of security problems, to make them less abstract?
- companies don't want to invest in security, especially if their websites just work
- if web shops are delivering to e.g. banks, then they should ask the companies to care.
- security regulation (https://en.wikipedia.org/wiki/Cyber_Resilience_Act) will make a big difference - but what exactly are the best practices going to be? We can help inform regulation here. Like WCAG but for security?
- need to document end user impact: the why, and the potential harm, to help devs (and their managers) understand the value of good security practices
- there is potentially a lot of overlap between improved MDN security docs and the work Ben is planning with the OpenJS Foundation (https://www.w3.org/2023/03/secure-the-web-forward/papers.html#roadmap) and they might be open to collaborating?
Last active: October 4, 2023 03:04
Notes from Secure the Web Forward