14 October 2008

Public Sector Browser Standards

The government's Central Office of Information (COI) document on browser standards for public web sites is undergoing consultation, but it does not mention security.

The Browser Standards Consultation is soliciting many powerful responses from the design and development community, including for example:

The initiative is nevertheless welcome, but the guidance contains no information on ensuring user security, and there has been virtually no comment on this aspect from elsewhere. Whilst the document seems primarily to be discussing usability, the requirements for testing that a public sector site "works in common browsers" are to check:

  • Content
  • Functionality
  • Display

I think "security" should be added here as well. The London and Scotland chapters of the Open Web Application Security Project are collaborating to produce a joint response by the 17th October deadline.

It may also be a topic that comes up in the Browser Security Working Session at OWASP's EU Summit 08 in Portugal next month. I'll be at the summit and recommend it highly to architects, designers and developers who want to build security into their web sites and applications. The working sessions and conference are an ideal place to learn about the numerous OWASP projects and initiatives. You can get involved too.

Update 16th October 2008: The OWASP UK Chapters submitted their joint response today.

Update 24th October 2008: The British Computer Society's response also discussed the need for good security in design, the effect of browser standards on security and the need for security testing.

Posted on: 14 October 2008 at 08:50 hrs
