Hi Everyone,
I'd like to invite anyone interested to join in on a secure coding documentation sprint on Friday of this week (Dec 21st), from 11:30am - 12:30pm PST (19:30-20:30 UTC). If you're interested in joining, but can't make that specific time, let me know and we may hold more of these if there's interest.
The goal of this sprint is to both help anyone who is interested learn about some specific security vulnerabilities, and update our documentation so that new developers can avoid these issues in the future.
On Friday, I would like to address a couple of topics where we have very little documentation: * DOM-based XSS, and writing secure client side code. Closely related is general security for gadget developers. * Protecting private information (i.e., when do developers need to check if data has been deleted / suppressed)
We'll spend a little time talking about each subject (and some specific issues we've seen recently), and I'll have a rough article outline in an etherpad. Then I would like everyone's help fleshing out the documents so they are clear and informative for other developers of all skill levels.
I'll have both a google hangout for video, and an audio line for anyone who prefers to avoid closed technology. If you want to dial in, please let me know so I can get you a phone number in advance.
Chris