Authorization

Web feature developers told to dial up attention on privacy and security

Web feature developers are being warned to step up attention to privacy and security as they design contributions.
Writing in a blog post about “evolving threats” to Internet users’ privacy and security, the W3C standards body’s technical architecture group (TAG) and Privacy Interest Group (PING) set out a series of revisions to the W3C’s Security and Privacy Questionnaire for web feature developers.
The questionnaire itself is not new. But the latest updates place greater emphasis on the need for contributors to assess and mitigate privacy impacts, with developers warned that “features may not be implemented if risks are found impossible or unsatisfactorily mitigated”.
In the blog post, independent researcher Lukasz Olejnik, currently serving as an invited expert at the W3C TAG; and Apple’s Jason Novak, representing the PING, write that the intent with the update is to make it “clear that feature developers should consider security and privacy early in the feature’s lifecycle” [emphasis theirs].
“The TAG will be carefully considering the security and privacy of a feature in their design reviews,” they further warn, adding: “A security and privacy considerations section of a specification is more than answers to the questionnaire.”


Security & privacy to be considered early in the web/browser feature’s lifecycle. New high level type of threat "legitimate misuse": just because something is technically possible does not mean it was designed for abuse and it is OK to do so
— Lukasz Olejnik (@lukOlejnik) September 11, 2019
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content
«    Сентябрь 2019    »
ПнВтСрЧтПтСбВс
 1
2345678
9101112131415
16171819202122
23242526272829
30