Alex Russell Retweeted Justin Schuh
This sort of thing is why I keep asking teams that want to ship stuff in this space for a threat model and considered alternatives. You won't catch everything with modeling, but you'll absolutely miss more if you don't do the exercise. https://twitter.com/justinschuh/status/1220021377064849410
Alex Russell added,
Justin Schuh @justinschuh
To add some context, Chrome's XSS Auditor was found to introduce exactly the same class of side-channel vulnerabilities. After several back and forths with the team that discovered the issue, we determined that it was inherent to the design and had to remove the code.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.