Summary
Synopsis and commentary
In this episode, Dan Appelquist of Samsung explores the intersection of open source security and web development. Drawing from his extensive experience with the World Wide Web Consortium (W3C) and initiatives like the Open Source Security Foundation (OpenSSF) and C2PA, Dan discusses the challenges and opportunities of uniting the open source security community with web developers. Emphasis is placed on the critical importance of mobile security, considering the sensitive information on mobile devices and industry best practices such as OWASP guidelines. The conversation also highlights the importance of security education, referencing resources like OpenSSF Security 101 and OWASP's global meetups. Additionally, media authenticity through protocols like C2PA and the role of organizations such as the BBC in this domain are discussed. The episode concludes with recommendations for developers to enhance their security practices through continuous learning and community engagement.

- 00:00 Introduction
- 00:25 Dan's Role at Samsung and Open Source Contributions
- 00:45 Web Standards and Privacy Initiatives
- 04:20 Bridging Web Development and Open Source Security
- 08:08 Challenges in Web and Mobile Security
- 09:26 The Importance of Mobile Security
- 11:40 Threat Models and Security Concerns
- 12:05 Protecting Yourself and Your Data
- 12:38 Web Security Best Practices
- 13:46 Challenges for Web Developers
- 15:28 OpenSSF and W3C Collaboration
- 17:36 Expanding Security Education
- 19:44 The Importance of Media Authenticity
- 22:25 Final Thoughts and Future Discussions

Resources:
- W3C SWAG Group: https://www.w3.org/community/swag/ - and GitHub repo https://github.com/w3c-cg/swag with meeting minutes
- Last year's W3C / OpenSSF / OWASP / OpenJS "Secure the Web Forward" workshop: https://www.w3.org/2023/03/secure-the-web-forward/ (includes videos of all talks and workshop report)
- W3C Ethical Web Principles https://www.w3.org/TR/ethical-web-principles/
- W3C Privacy Principles https://www.w3.org/TR/privacy-principles/
- W3C Security & Privacy self-check https://www.w3.org/TR/security-privacy-questionnaire/