-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How can we help CSP gain more adoption with Web Developers #3
Comments
this is also a point for WebAppSec @ TPAC and from minutes:
|
Also noting that there is CSP content in the 121 free course that OpenSSF provides: https://training.linuxfoundation.org/training/developing-secure-software-lfd121/ Maybe that could be one way to help drive CSP adoption. |
Yes, documentation and training are both important. Maybe we can use W3Cx, too. @marieforgue, can you explain how it works? |
We need a course proposal listing the rationale, the content outline, the teacher(s)/trainer(s) profile(s), a budget (p/m), the timeline, etc. |
Hi! Perhaps a philosophical question around how this issue title is phrased-- have we all decided that having courses is the best way forward for getting more developer mind share for adopting CSP? I think a course is a wonderful idea, but at the same time, I wonder what other ideas we can throw on the wall here-- for instance, one that I would like to see happen is increasing the number of frameworks that make it easy to have a low-to-no-config safe-by-default CSP enforcement option to simplify some of the complexity (that we need a course to clarify). |
I think you is a wonderful idea, framework and education as a "pincer". I am collecting some feedback from the broader community: there are often inline things and developers needs to understand how to manage in a seamless way (no-code?) [the indicator is when we found unsafe-inline and unsafe-eval] and how to hash quickly the scripts. |
There was a paper from 2020 https://publications.cispa.saarland/2986/1/roth2020csp.pdf (ref from @simoneonofri). There's documentation out there e.g. on MDN. There are tools out there. So what is missing to help CSP gain more adoption with web developers?
The text was updated successfully, but these errors were encountered: