w3ctag / security-questionnaire

A security/privacy review questionnaire for W3C specs
https://w3ctag.github.io/security-questionnaire/
Creative Commons Zero v1.0 Universal

This repository contains the Editor's Draft of the Self-Review Questionnaire: Security and Privacy document, which spec authors can use to identify and work through possible security and privacy concerns related to their spec.

The questionnaire is a joint product of the TAG and PING.

When folks request a design review from the TAG, filling out the security and privacy questionnaire helps the TAG to understand potential security and privacy issues and mitigations for the design, and can save us asking redundant questions.

Before requesting security and privacy review from the security reviewers and PING, respectively, documents must contain both "Security Considerations" and "Privacy Considerations" sections, as described in Section 2.15. While your answers to the questions in this document will inform your writing of those sections, it is not appropriate to merely copy this questionnaire into those sections.

Further instructions on requesting security and privacy reviews can be found in the Guide.