Thread: I'm co-organizing a research seminar at Castle Dagstuhl in Germany. The style is open questions and discussion rather than traditional talks. These are the topics we hope to cover:
Great list of topics, hope the discussions are fruitful! One thought from the perspective of someone securing large, popular web applications: there doesn't seem to be too much discussion of some of the most common practical web security issues that expose user data to attackers:
Some examples: XSS mitigations and platform defenses (Trusted Types, Suborigins, CSP3); dealing robustly with cross-origin leaks beyond the Spectre angle (addressing CSRF, XSSI, timing attacks); solving difficulties in the adoption of existing security features.
Not sure if any of this fits into your agenda, but given that this is the bulk of what many security engineers need to work on to protect their users, discussions about the future of the web platform might benefit from touching upon these issues.
(FWIW I expect that you intend to cover many of the things above as part of other discussions, so don't take this as criticism of an otherwise excellent program; just a slight preference for also considering the big unsolved practical issues.)
The spirit of Dagstuhl seminars is welcoming to questions outside the agenda in my experience. We, the four organizers, know very well that we aren't experts in all parts of web security and privacy. We try, but the group of participants will add much more to the topic list.