ISWG Status 200811

The goals for November included publishing the working documents initially produced during the OWASP EU Summit working group sessions. Unfortunately, I was too busy this quarter to find the time to make those materials ready for public consumption. This is a priority goal for the December/January time period. Another goal of the month of November was to clear up the group charter. After some thought, I think the charter of the group should be to:

1. Contribute our security knowledge towards standards organizations 2. Act as a consumer awareness group for web application frameworks security mechanisms and browser security features 3. Serve as a platform for OWASP members who want to affect change at any of the building blocks in today's or tomorrow's web applications

It's simple and limited, and I think that's all that we can really expect. Realistically, the browsers all have strong security teams dealing with today's problems, and I think there's a niche for OWASP to fill in looking at the future for them and the community.

Also, in November a discussion on the board between members led to the creation of a Google group aiming to create an HTTPOnly standard for browser makers to follow. We are now as a group making a first cut at a standard after some deliberation, and have been in discussion with some browser vendors for feedback. This is an extremely positive and global effect. Finally, in November I participated in the ESAPI as a representative of the ISWG. The goals of December/January include:
 * Formalizing the documents from the EU Summit and publish them
 * Follow up with HTTPOnly work