[ig/security] Add a concrete threat model for the Web to the deliverables. #583
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jyasskin
commented
Sep 3, 2024
| <li><a href="https://chromium.googlesource.com/chromium/src/+/master/docs/security/web-platform-security-guidelines.md">Chromium Web Platform Security guidelines</a></li> | ||
| <li>The <a href="https://xsleaks.dev/">XS-Leaks Wiki</a></li> | ||
| <ul> | ||
| </dd> | ||
| <dt id="TMG" class="spec"> | ||
| Threat Modeling guide |
There was a problem hiding this comment.
I'm not sure if the concrete threat model should replace this general guide. If this IG is meant to subsume the Threat Modeling CG, then the guide should definitely remain one of this group's deliverables, but otherwise maybe the CG should be the sole owner, and this group should just be willing to schedule some discussion time for it.
There was a problem hiding this comment.
i think that there are different things, one more generic and another one tied to the web platform
Comment on lines
+201
to
+204
| <p><b>Potential input documents:</b></p> | ||
| <ul> | ||
| <li><a href="https://chromium.googlesource.com/chromium/src/+/master/docs/security/web-platform-security-guidelines.md">Chromium Web Platform Security guidelines</a></li> | ||
| <li>The <a href="https://xsleaks.dev/">XS-Leaks Wiki</a></li> |
There was a problem hiding this comment.
Ideally the charter would list a few more input documents from outside of Chromium's orbit. These are just the documents I had handy.
simoneonofri
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This goes along with Google's comment in the charter's AC review.