Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

What security guidance should we give web developers? #96

Open
wbamberg opened this issue Sep 16, 2024 · 3 comments
Open

What security guidance should we give web developers? #96

wbamberg opened this issue Sep 16, 2024 · 3 comments
Labels
session Breakout session proposal

Comments

@wbamberg
Copy link

wbamberg commented Sep 16, 2024
edited by tpac-breakout-bot
Loading

Session description

There are a lot of web platform features that relate to security, and they generally have pretty comprehensive documentation on MDN. But there's not a lot of normative guidance: which features should people use (and which should they avoid), why should they use them, and how should they use them?

In the Security Web Application Guidelines Community Group (SWAG CG) we've been trying to understand these questions, partly so we can update MDN with this sort of normative guidance for developers with deadlines. So this very open-ended session is proposed to gather input on security documentation requirements.

Session goal

Security documentation requirements.

Additional session chairs (Optional)

@torgo

Who can attend

Anyone may attend (Default)

IRC channel (Optional)

#mdn-security

Other sessions where we should avoid scheduling conflicts (Optional)

#79, #8, #10, #12, #34

Instructions for meeting planners (Optional)

No response

Agenda for the meeting.

https://wbamberg.github.io/web-security-w3c-breakouts-september-2024/Templates/Overview.html

Links to calendar

Meeting materials
@wbamberg wbamberg added the session Breakout session proposal label Sep 16, 2024
@tpac-breakout-bot
Copy link
Collaborator

Thank you for proposing a session!

You may update the session description as needed and at any time before the meeting, but please keep in mind that tooling relies on issue formatting: follow the instructions and leave all headings and other formatting intact in particular. Bots and W3C meeting organizers may also update the description, to fix formatting issues or add links and other relevant information. Please do not revert these changes. Feel free to use comments to raise questions.

Do not expect formal approval; W3C meeting organizers endeavor to schedule all proposed sessions that are in scope for a breakout. Actual scheduling should take place shortly before the meeting.

@torgo
Copy link

torgo commented Sep 16, 2024

Can we also avoid clashing with #70 and #59 if possible? 🙏🏻

@wbamberg wbamberg changed the title What security guidance should MDN give web developers? What security guidance should we give web developers? Sep 16, 2024
@chrisdavidmills
Copy link

Note that I recently added these Practical security implementation guides, which are pointed to by the updated HTTP Observatory that now lives on MDN.

I would love to see what else is recommended alongside these, and how you think they could be better structured/positioned.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
session Breakout session proposal
Projects
TPAC 2024 breakout sessions
Status: No status
Milestone
No milestone
Development

No branches or pull requests
4 participants
@chrisdavidmills @torgo @wbamberg @tpac-breakout-bot