Thanks for the chat just now https://www.mediawiki.org/wiki/Architecture_meetings/Security_guidelines_dis... - summary and full logs are up. Chris now has several TODOs to improve the draft, including maybe splitting out some details onto other pages.
For each of the security principles, we need good and bad past examples of what Wikimedia/MediaWiki has done. Where we've succeeded, where we've fallen down. Chris has assembled several, but:
* we still need a past example of how Wikimedia (doesn't HAVE to be MediaWiki specifically) screwed up on "Secure (fail-safe) defaults" -- hopefully we've since fixed it!
* we still need a positive example of where we've created a simple design, implementation, or interface whose simplicity guards against future errors or attacks. Suggestion: "HTMLForm, while incredibly complex, has a relatively simple interface for security, i.e., built-in CSRF tokens and validation."
If you can, comment on the talkpage: https://www.mediawiki.org/wiki/Talk:Security_for_developers/Architecture
wikitech-l@lists.wikimedia.org
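The two principles the message asks examples for, fail-safe defaults and a simple interface that makes the secure path the only path, can be shown together in a small form helper. The PHP below is an added illustration written for this page, not MediaWiki's HTMLForm or any other project code; the class and field names (SessionStub, CsrfToken, SecureForm, csrf_token) are made up for the example, and the session store is a constructed stand-in. The secure-by-default property is that the only way to run a handler is through a method that checks a session-bound token first, and the only way to turn that off is an explicit, greppable opt-out; a missing or malformed token is treated as invalid rather than as "no check needed".

```php
<?php
// Added example (PHP 8): a form helper whose default path always validates a
// session-bound CSRF token, so a handler author cannot forget the check.
// All names below are hypothetical; this is not MediaWiki's HTMLForm API.

declare(strict_types=1);

// Hypothetical stand-in for a server-side session with a private secret.
final class SessionStub {
    private string $secret;
    public function __construct(private string $id) {
        // Per-session secret; in a real application this never leaves the server.
        $this->secret = bin2hex(random_bytes(32));
    }
    public function id(): string { return $this->id; }
    public function secret(): string { return $this->secret; }
}

final class CsrfToken {
    // Token = salt . HMAC(secret, salt | session id). Binding the MAC to the
    // session id means a token captured from one session is useless in another.
    public static function issue(SessionStub $s): string {
        $salt = bin2hex(random_bytes(8));
        return $salt . '.' . hash_hmac('sha256', $salt . '|' . $s->id(), $s->secret());
    }

    public static function check(SessionStub $s, ?string $token): bool {
        if ($token === null || !str_contains($token, '.')) {
            return false; // fail closed: no token, or a malformed one, is an invalid token
        }
        [$salt, $mac] = explode('.', $token, 2);
        $expected = hash_hmac('sha256', $salt . '|' . $s->id(), $s->secret());
        return hash_equals($expected, $mac); // constant-time comparison
    }
}

final class SecureForm {
    private bool $csrfRequired = true;

    public function __construct(private SessionStub $session, private string $action) {}

    // Explicit, greppable opt-out for forms that genuinely have no session to bind to.
    public function allowUnauthenticatedSubmission(): self {
        $this->csrfRequired = false;
        return $this;
    }

    // Rendering always embeds a fresh token; callers never build the hidden field by hand.
    public function render(): string {
        $token  = htmlspecialchars(CsrfToken::issue($this->session), ENT_QUOTES, 'UTF-8');
        $action = htmlspecialchars($this->action, ENT_QUOTES, 'UTF-8');
        return "<form method=\"post\" action=\"$action\">"
             . "<input type=\"hidden\" name=\"csrf_token\" value=\"$token\">"
             . "<input type=\"submit\"></form>";
    }

    // The only entry point for business logic; the token check runs before
    // the callback can ever be invoked.
    public function handle(array $post, callable $onValid): array {
        if ($this->csrfRequired && !CsrfToken::check($this->session, $post['csrf_token'] ?? null)) {
            return ['ok' => false, 'error' => 'session-token-mismatch'];
        }
        return ['ok' => true, 'result' => $onValid($post)];
    }
}

// Constructed demo: four submissions against the same form.
$session = new SessionStub('sess-123');
$form    = new SecureForm($session, '/submit');
$doEdit  = fn(array $p): string => 'saved: ' . ($p['summary'] ?? '');

$missing = $form->handle(['summary' => 'no token'], $doEdit);
$forged  = $form->handle(['summary' => 'bad', 'csrf_token' => 'deadbeef.0000'], $doEdit);
$other   = $form->handle(
    ['summary' => 'stolen', 'csrf_token' => CsrfToken::issue(new SessionStub('sess-999'))],
    $doEdit
);
$good    = $form->handle(['summary' => 'ok', 'csrf_token' => CsrfToken::issue($session)], $doEdit);

var_dump($missing['ok'], $forged['ok'], $other['ok'], $good['ok']);
echo $form->render(), PHP_EOL;
```

The contrast with a "bad" design is the shape of the API rather than the token algorithm: if every handler has to remember to call a separate check function, the secure default is whatever each developer happened to write that day, and the missing call is invisible in review. Putting the check inside the only submission path, and making the opt-out an explicit method call, is what makes the interface simple enough to guard against future mistakes.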