- 71% – Detecting security vulnerabilities
- 69% – Understanding security threat
- 67% – Understanding the Browser Security Model
- 55% – Safely Integrating Third Party Services
- 54% – Keeping Frameworks and Libraries Up-to-Date
- 45% – HTTPS Configuration
Additional concerns: staying updated with new security threats, integrating third-party code securely, the lack of cybersecurity content in formal education, regulatory compliance.
Need to get people talking to each other across silos
Workshop papers and agenda
See 8 selected papers. Three axes of discussion:
- Supply Chain Security
- JavaScript Security
- Developer Awareness
Three live sessions planned on 26, 27, 28 September at 3pm UTC.
SBOM?
- SBOM stands for Software Bill of Materials
- Nested inventory: a list of the "ingredients" (components and their transitive dependencies) that make up a piece of software
- Can be used for vulnerability management and product integrity
- Two competing formats (because standards): CycloneDX and SPDX
- Tools ecosystem
- Government guidelines pushing adoption
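As an added example (not from the session or from any CycloneDX/SPDX tooling), the script below builds a minimal CycloneDX 1.5 JSON document from a constructed npm-style dependency graph, then uses it for the two purposes listed above: it checks each component against a constructed advisory list, and it walks the nested dependency graph to show how an affected component was pulled in. The package names, versions and advisory identifiers (`EXAMPLE-0001`, `EXAMPLE-0002`) are made up; the `pkg:npm/...` Package URL form and the CycloneDX field names (`bomFormat`, `components`, `dependencies` with `ref`/`dependsOn`, `bom-ref`) are the real conventions.

```python
"""Minimal CycloneDX-style SBOM construction plus a vulnerability check against it.

Added example: the dependency graph, versions and advisories below are constructed
for illustration and are not taken from any real project or advisory database.
"""
import json
from typing import Dict, List, Tuple

# Constructed dependency graph: package -> (version, direct dependencies).
# Shaped like an npm lockfile, but every package and version is made up.
PACKAGES: Dict[str, Tuple[str, List[str]]] = {
    "webapp":      ("1.0.0", ["left-padder", "http-client"]),
    "left-padder": ("2.3.1", []),
    "http-client": ("0.9.4", ["tiny-parser"]),
    "tiny-parser": ("1.2.0", []),
}

# Constructed advisories: package -> first fixed version.
# Any version strictly below "fixed" is treated as affected.
ADVISORIES: Dict[str, Dict[str, str]] = {
    "tiny-parser": {"id": "EXAMPLE-0001", "fixed": "1.2.3"},
    "left-padder": {"id": "EXAMPLE-0002", "fixed": "2.0.0"},
}


def purl(name: str, version: str) -> str:
    """Package URL for an npm package: pkg:npm/<name>@<version>."""
    return f"pkg:npm/{name}@{version}"


def build_sbom(root: str, packages: Dict[str, Tuple[str, List[str]]] = PACKAGES) -> dict:
    """Build a CycloneDX 1.5 JSON document with a component list and a dependency graph."""
    root_version, _ = packages[root]
    components, dependencies = [], []
    for name, (ver, deps) in packages.items():
        ref = purl(name, ver)
        if name != root:  # the root application is described under metadata, not components
            components.append({"type": "library", "name": name, "version": ver,
                               "purl": ref, "bom-ref": ref})
        dependencies.append({"ref": ref,
                             "dependsOn": [purl(d, packages[d][0]) for d in deps]})
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "version": 1,
        "metadata": {"component": {"type": "application", "name": root,
                                   "version": root_version,
                                   "bom-ref": purl(root, root_version)}},
        "components": components,
        "dependencies": dependencies,
    }


def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric dotted versions compared as tuples; pre-release tags are out of scope here."""
    return tuple(int(p) for p in v.split("."))


def find_affected(sbom: dict, advisories: Dict[str, Dict[str, str]] = ADVISORIES) -> List[dict]:
    """Return the SBOM components whose version is below an advisory's fixed version."""
    hits = []
    for comp in sbom["components"]:
        adv = advisories.get(comp["name"])
        if adv and parse_version(comp["version"]) < parse_version(adv["fixed"]):
            hits.append({"purl": comp["purl"], "advisory": adv["id"], "fixed": adv["fixed"]})
    return hits


def path_to(sbom: dict, target_ref: str) -> List[str]:
    """Walk the nested dependency graph from the root to show how a component was pulled in."""
    graph = {d["ref"]: d["dependsOn"] for d in sbom["dependencies"]}
    root = sbom["metadata"]["component"]["bom-ref"]
    stack = [(root, [root])]
    while stack:
        ref, path = stack.pop()
        if ref == target_ref:
            return path
        for child in graph.get(ref, []):
            stack.append((child, path + [child]))
    return []


if __name__ == "__main__":
    sbom = build_sbom("webapp")
    print(json.dumps(sbom, indent=2))
    for hit in find_affected(sbom):
        print(hit["advisory"], hit["purl"], "fixed in", hit["fixed"],
              "reached via", " -> ".join(path_to(sbom, hit["purl"])))
```

Running it reports only `tiny-parser` 1.2.0 (below the constructed fix 1.2.3) and shows it is a transitive dependency reached through `http-client`; `left-padder` 2.3.1 is already past its fixed version. Real SBOM consumers match on Package URLs rather than bare names, and a real version comparison must handle pre-release tags and version ranges, which this example leaves out.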
Discussion
- How to bring the “secure software supply chain” approach to the web development community?
- Guidance for web developers who work at different levels of the stack?
- How to make web security technologies easier to use and adopt?
- How can OSS focused efforts better support web developers?
- How can OSS review processes serve as inspiration for review of new web specifications?
- How do we make security part of the goals and priorities for everyone?
This session will be a precursor to our upcoming workshop, Secure the Web Forward, which aims to increase the overall security of web applications by addressing the need for clear guidelines for web developers and by identifying key emerging technologies and gaps.
Potential discussion points include: