Thread: I'm co-organizing a research seminar at Castle Dagstuhl in Germany. The style is open questions and discussion rather than traditional talks. These are the topics we hope to cover:
Replying to @johnwilander
Great list of topics, hope the discussions are fruitful! One thought from the perspective of someone securing large, popular web applications: there doesn't seem to be too much discussion of some of the most common practical web security issues that expose user data to attackers:
Replying to @arturjanc @johnwilander
Some examples: XSS mitigations and platform defenses (Trusted Types, Suborigins, CSP3); dealing robustly with cross-origin leaks beyond the Spectre angle (addressing CSRF, XSSI, timing attacks); solving difficulties in the adoption of existing security features.
Replying to @arturjanc @johnwilander
Not sure if any of this fits into your agenda, but given that this is the bulk of what many security engineers need to work on to protect their users, discussions about the future of the web platform might benefit from touching upon these issues.
Replying to @arturjanc @johnwilander
(FWIW I expect that you intend to cover many of the things above as part of other discussions, so don't take this as criticism of an otherwise excellent program; just a slight preference for also considering the big unsolved practical issues.)
Replying to @arturjanc
The spirit of Dagstuhl seminars is welcoming to questions outside the agenda in my experience. We, the four organizers, know very well that we aren't experts in all parts of web security and privacy. We try, but the group of participants will add much more to the topic list.