Work on Security Best Practices for Web Developers

[torgo]

As discussed in today's BP call, this is a tracking issue to capture discussions around the idea for a special guide for web developers focusing on security best practices. This would could be done with a newly forming group in the W3C https://github.com/w3c/secure-the-web-forward-workshop/issues/42 - potential through a liaison. Details to be worked out. The outcome could be something between a "concise guide" the SCM Best Practices guide in size.

[torgo]

Update: we have a draft charter here: https://w3c.github.io/charter-drafts/2024/swag-cg.html and are now actively looking for participants. As discussed in this week's Best Practices call, we are thinking of inviting BP group members to join the calls of the SWAG community group and do the work there, and then report on that work to the BP working group - and work on at least one joint deliverable.

[torgo]

The SWAG group has launched as a proposed community group- see https://www.w3.org/community/groups/proposed/#swag - please register your support and we can get this going.

[torgo]

Update: the group has launched and can now be joined: http://www.w3.org/community/swag/join

[torgo]

Some of the work items in SWAG are as follows:

Work item: come up with a set of security criteria for packages · Issue #1 · w3c-cg/swag (github.com)
Security Features List · Issue #2 · w3c-cg/swag (github.com)
How can we help CSP gain more adoption with Web Developers · Issue #3 · w3c-cg/swag (github.com)