tc39/security

add guidelines for stage 3 reviewers that include a mention of security review

Opened this issue · 2 comments

At the Nov 2018 breakout session, we thought it might be valuable for stage 3 reviewers to have guidelines for what to consider during review. We could encourage them to consider security by including it in the guidelines. @natashenka has offered to put together a PR for the process document that would include this section, then present it to the committee at a future meeting.

This sounds like a great addition to tc39/process-document#18 :-D "Security" could be one of the risk areas defined at an early stage, that's evaluated as part of stage 3.

The W3C (https://www.w3.org/TR/security-privacy-questionnaire/) and IETF (https://datatracker.ietf.org/doc/html/rfc3552) each have security consideration guidelines. We can take inspiration from these documents.