Difference between revisions of "Summit 2011 Working Sessions/Session004"

Revision as of 20:35, 25 January 2011

Enduser Warnings
Please see/use the 'discussion' page for more details about this Working Session
Working Sessions Operational Rules - Please see here the general frame of rules.

WORKING SESSION IDENTIFICATION

Short Work Session Description

Related Projects (if any)

Email Contacts & Roles

Chair
John Wilander @

Operational Manager
John Wilander @

Mailing list
https://groups.google.com/group/owasp-summit-browsersec

WORKING SESSION SPECIFICS
Objectives	Clearly there is a need for warnings that users understand and that conveys the right information. Perhaps we can agree on some guidelines or at least exchange lessons learned. How should browsers signal invalid SSL certs to the enduser? Are we helping security right now? What to do about 50 % of users clicking through warnings? Mozilla replaces the padlock with a site identity button i Firefox 4. "Larry" will inform the user of the site's status. Google recently tried out a skull & bones icon for bad certs but moved back to padlocks again. How should browsers communicate other kinds of information such as privacy, malware warnings, "not visited before" etc? Forbes had an interesting example of how to visualize privacy.
Venue/Date&Time/Model	Venue/Room OWASP Global Summit Portugal 2011	Date & Time Tuesday, 09 February Time: TBA	Discussion Model The working form will most probably be short presentations to frame the topic and then round table discussions. Depending on number of attendees we'll break into groups.

WORKING SESSION OPERATIONAL RESOURCES
Projector, whiteboards, markers, Internet connectivity, power

WORKING SESSION ADDITIONAL DETAILS

Some additional information, thoughts and discussions on these subjects elsewhere:

WORKING SESSION OUTCOMES / DELIVERABLES
Proposed by Working Group	Approved by OWASP Board
Browser Security Report	After the Board Meeting - fill in here.
Browser Security Priority List	After the Board Meeting - fill in here.
	After the Board Meeting - fill in here.
	After the Board Meeting - fill in here.
	After the Board Meeting - fill in here.
	After the Board Meeting - fill in here.
	After the Board Meeting - fill in here.
	After the Board Meeting - fill in here.

(Add you name by clicking "edit" on the tab on the upper left side of this page)

WORKING SESSION PARTICIPANTS
Name	Company	Notes & reason for participating, issues to be discussed/addressed
John Wilander @
Michael Coates
Colin Watson

</includeonly>

@@ Line 167: / Line 167: @@
 |summit_session_deliverable_name1 =  Browser Security Report
-|summit_session_deliverable_url_1 =
 |summit_session_deliverable_name2 = Browser Security Priority List
-|summit_session_deliverable_url_2 =
 |summit_session_deliverable_name3 =
-|summit_session_deliverable_url_3 =
 |summit_session_deliverable_name4 =
-|summit_session_deliverable_url_4 =
 |summit_session_deliverable_name5 =
-|summit_session_deliverable_url_5 =
 |summit_session_deliverable_name6 =
-|summit_session_deliverable_url_6 =
 |summit_session_deliverable_name7 =
-|summit_session_deliverable_url_7 =
 |summit_session_deliverable_name8 =
-|summit_session_deliverable_url_8 =
 |-