Web Platform: What are we working on?

Happenings

W3C's Security Lead Simone Onofri holds a breakout session on "Threat Model for the Web" in the context of browsers.

Add to calendar

Event details

Date:
Central European Summer Time
UTC
Location:
A Coruña, Spain (hybrid event, register for free)
Speakers:
Simone Onofri, W3C Security Lead
Host:
Igalia
Category:
Security
Website:
Web Engines Hackfest 2025

At W3C, we are creating a "Threat Model for the Web". In this context, user agents par excellence—such as browsers—are an important element of the Web Platform.

One of the simplest (but not easiest) ways to create a Threat Model is to use Shostack's “4 Question Frame”:

  1. What are we working on?
  2. What can go wrong?
  3. What are we going to do about it?
  4. Did we do a good job?

So the purpose of the session is to first prepare the answer to the first question by collaboratively creating a Data Flow Diagram (DFD) of the Web Platform.