23652 – Need for a non-normative section describing implementation security concerns and mitigation strategies

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 23652 - Need for a non-normative section describing implementation security concerns and mitigation strategies

Summary: Need for a non-normative section describing implementation security concerns ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Browser Test/Tools WG
Classification:	Unclassified
Component:	WebDriver (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Browser Testing and Tools WG
QA Contact:	Browser Testing and Tools WG

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	20860
	Show dependency tree / graph

Reported:	2013-10-28 10:40 UTC by Tobie Langel
Modified:	2013-12-20 22:09 UTC (History)
CC List:	3 users (show)

See Also:

Attachments

Description Tobie Langel 2013-10-28 10:40:13 UTC

Concerns around implementation security issues are preventing adoption of WebDriver notably in the TV industry, which is worried WebDriver could be used to subvert a user's TV set.

It would be extremely useful to either have a (non-normative) section on security within the spec, describing the potential security risks (including social engineering) and mitigation strategies, or have such a document hosted elsewhere to which I could point to when security is brought up as a concern.

Case studies on how the security concerns have been resolved in shipping implementations would also be tremendously useful.

Comment 1 David Burns :automatedtester 2013-12-20 22:09:02 UTC

Landed in https://dvcs.w3.org/hg/webdriver/rev/2db0ef25522e