[Global_industry_committee] Fwd: Re: Feedback from OWASP on Mobile Web Application Best Practices, W3C Working Draft 13 July 2010 ( LC-2412)
eoin.keary at owasp.org
Tue Sep 7 13:00:19 EDT 2010
today w3c tomorrow the world!
On 7 September 2010 16:53, David Campbell <dcampbell at owasp.org> wrote:
> They didn't incorporate my suggestions verbatim, but we did get a citation.
> Colin can you add this to the citations list?
> -------- Original Message --------
> Subject: Re: Feedback from OWASP on Mobile Web Application Best Practices, W3C Working Draft 13 July 2010 (LC-2412)
> Date: Tue, 07 Sep 2010 14:21:02 +0000
> From: fd at w3.org
> To: David Campbell <dcampbell at owasp.org>
> CC: public-bpwg-comments at w3.org
> Dear David Campbell,
> The Mobile Web Best Practices Working Group has reviewed the comments you
> sent on the Last Call Working Draft of the Mobile Web Application
> Best Practices published on 13 Jul 2010. Thank you for having taken the
> time to review the document and to send us comments!
> The Working Group's response to your comment is included below, and has
> been implemented in the new version of the document available at: http://www.w3.org/2005/MWI/BPWG/Group/Drafts/BestPractices-2.0/latest.
> Please review it carefully and let us know by email at public-bpwg-comments at w3.org if you agree with it or not before 14 September
> 2010 (if possible, simply tell us if you need more time). In case of
> disagreement, you are requested to provide a specific solution for or a
> path to a consensus with the Working Group. If such a consensus cannot be
> achieved, you will be given the opportunity to raise a formal objection
> which will then be reviewed by the Director during the transition of this
> document to the next stage in the W3C Recommendation Track.
> For the Mobile Web Best Practices Working Group,
> Dominique Hazaël-Massieux
> François Daoust
> W3C Staff Contacts
> 1. http://www.w3.org/mid/[email protected]
> 2. http://www.w3.org/TR/2010/WD-mwabp-20100713/
> Your comment on the document as a whole:
> > Dear Sir or Madam:
> > I represent the Global Industry Committee of the Open Web Application
> > Security Project (OWASP) and we are keenly interested in your
> > forthcoming Mobile Web Application Best Practices recommendation.
> > Attached please find a PDF document containing our comments on your
> > draft recommendation.
> > Please feel free to contact me directly with any questions, comments
> > or concerns.
> > Cheers,
> > David Campbell
> > Open Web Application Security Project
> > dcampbell at owasp.org
> > www.owasp.org
> Working Group Resolution (LC-2412):
> The group partially agrees with the comment.
> The Mobile Web Application Best Practices is explicitly scoped to best
> practices that have some specific impact on the mobile context:
> The Working Group acknowledges that most "desktop" security-related best
> practices also apply to mobile devices and updated the introduction text of
> the "Security and Privacy" section to reflect that the one best practice
> listed in that section is definitely not the end of it. The Working Group
> has also decided to reference the OWASP TOP 10 work as an example of usual
> security measures in this text. See updated text in latest editor's draft:
> The group does not feel it has the expertise to review and select other
> best practices related to security and decided against adding more best
> practices to the section. A future version of the best practices should
> probably include a more comprehensive set of best practices related to
> The best practice listed in this category was chosen on the grounds that
> it was the most obvious client-side security hole to bridge in a mobile Web
> application that might have access to personal information. In particular,
> a mobile Widget could perhaps be allowed to send SMS or make phone calls
> while the device is connected to an "untrusted" public Wifi connection,
> thus enabling potential man-in-the-middle attacks.
OWASP Global Board Member
OWASP Code Review Guide Lead Author
Sent from my i-Transmogrifier