Live sessions

Three live sessions were scheduled on 26-27-28 September 2023 to discuss selected position papers and converge on a common understanding of whether and how things may progress from a standardization perspective.

Live session 1: Supply Chain Security
Live session 2: Javascript Security
Live session 3: Developer Awareness

The calls were open to all invited workshop participants.

Discussion notes for the live sessions are available.

Familiarity with selected position papers was recommended. Presentations of the papers during the live sessions were short. We rather asked participants to take an active role and help shape next steps for each of the topics.

To help guide next steps, the program committee encourages you to capture needs, questions and suggestions for standardization work linked to the topics discussed during the live sessions through issues in the w3c/secure-the-web-workshop GitHub repository

Live session 1: Supply Chain Security

When: Tuesday 26 September 2023 - 15:00 UTC - 2h (see local time conversion)
See discussion notes.

15:00–15:10 Context for the workshop
- Securing software development and deployment platforms
- Results of the Web Security Developer Experience Short Survey run on MDN in May 2023
15:10–15:15 Session intro - Supply Chain Security
15:15–16:00 Paper presentations and quick Q&A
Software Bill of Materials for web frontends (Jan Kowalleck)
Establish Standards to Support Web Access to SBOM Data (Gary O'Neall)
Source Code Transparency (Daniel Huigens)
16:00–16:10 Break
16:10–16:55 Open discussion
16:55–17:00 Next steps

Live session 2: JavaScript Security

When: Wednesday 27 September 2023 - 15:00 UTC - 2h (see local time conversion)
See discussion notes.

15:00–15:05 Introduction - Setting the context
15:05–15:35 Hardening JavaScript - paper presentations and quick Q&A
Applying Hardened Javascript to supply chain security for a proactive approach (Zbyszek Tenerowicz)
JavaScript realms used to bypass and eliminate web apps security tools - A problem with a WIP solution (Gal Weizman)
15:35–16:10 Open discussion on hardening Javascript
16:10–16:20 Break
16:20–16:35 Cookies - paper presentation and quick Q&A
Open discussion on cookies and JavaScript security (Artur Janc)
16:35–16:55 Open discussion on cookies and JavaScript security
16:55–17:00 Next steps

Live session 3: Developer Awareness

When: Thursday 28 September 2023 - 15:00 UTC - 2h (see local time conversion)
See discussion notes.

15:00–15:05 Introduction - Setting the context
15:05–15:50 Paper presentations and quick Q&A
Can securing jQuery help secure the Web forward? (Tobie Langel)
- View paper
- View talk
Documentation for web security education (Florian Scholz)
Roadmap planning for a JavaScript security framework (Joe Sepi, Ben Sternthal)
15:50–16:00 Break
16:00–16:50 Open discussion
16:50–17:00 Concluding the workshop