Back in May (apologies for latency, we’ve had a busy summer/fall), Andy Steingruebl and I presented our paper, “The Need for a Coherent Web Security Policy Framework” (slides), at the Web 2.0 Security and Privacy 2010 Workshop. It seemed to be relatively well received (the abstract is below). There were a number of interesting papers at the workshop, browsing the workshop pages is encouraged
Since then, we’ve been waving our paper around and pursuing the action items outlined therein with some modest success, which I’ll outline in subsequent posts.
=JeffH sez check it out…
Web-based malware and attacks are proliferating rapidly on the Internet. New web security mechanisms are also rapidly growing in number, although in an incoherent fashion. In this position paper, we give a brief overview of the ravaged web security landscape, and the various seemingly piece-wise approaches being taken to mitigate the threats. We then propose that with some cooperation, we can likely architect approaches that are more easily wielded and provide extensibility for the future. We provide thoughts on where and how to begin coordinating the work.