definition of security is too weak #376
Labels
Comments
|
Call on 22.8.: The PR #368 needs to be updated to contain a definition. |
|
Arch call on Aug 29th: We decided to ask the PING experts for a recommendation: |
|
See PR #384. |
|
resolved by replacing it with ISO definitions in call on Sept 12 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The definition of security (currently "The system should preserve its integrity and functionality even when subject to attack.") appears (although it's a bit unclear) not to include revealing private information as a failure of security. Maintaining confidentiality of data that was intended to be kept confidential is generally considered part of security. I suspect there are likely also other topics that were omitted but should be included.
It may be preferable to link to an external definition.
(This was originally part of w3ctag/design-reviews#355 (comment) .)
The text was updated successfully, but these errors were encountered: