w3c / oss-relations

Discussions and documents linked to the relationships W3C has or should have with the Open Source Software ecosystem

Monitoring security impact of single shared implementation #4

Open dontcallmedom opened 3 years ago

dontcallmedom commented 3 years ago

As discussed in #1, one of the possible negative impacts of relying on a single shared implementation is that it creates a single point of failure in terms of security: as the Heartbleed attack on OpenSSL demonstrated, a security bug found in a library used throughout the platform creates very damaging results.

A possible approach might be to use the results of #2 to either set up W3C efforts or orient other existing efforts (e.g. https://www.coreinfrastructure.org/) to keep a closer watch on the said projects.

dontcallmedom commented 3 years ago

(compared to #3, the need to track these security risks is not particularly bound to the W3C standardization process from a time perspective, which is why I propose to discuss it separately)