In this episode, Dan Appelquist of Samsung explores the intersection of open source security and web development. Drawing from his extensive experience with the World Wide Web Consortium (W3C) and initiatives like the Open Source Security Foundation (OpenSSF) and C2PA, Dan discusses the challenges and opportunities of uniting the open source security community with web developers. Emphasis is placed on the critical importance of mobile security, given the sensitive information held on mobile devices, and on industry best practices such as the OWASP guidelines. The conversation also highlights the importance of security education, referencing resources like the OpenSSF Security 101 course and OWASP's global meetups. Additionally, media authenticity through protocols like C2PA and the role of organizations such as the BBC in this domain are discussed. The episode concludes with recommendations for developers to enhance their security practices through continuous learning and community engagement.
00:00 Introduction
00:25 Dan's Role at Samsung and Open Source Contributions
00:45 Web Standards and Privacy Initiatives
04:20 Bridging Web Development and Open Source Security
08:08 Challenges in Web and Mobile Security
09:26 The Importance of Mobile Security
11:40 Threat Models and Security Concerns
12:05 Protecting Yourself and Your Data
12:38 Web Security Best Practices
13:46 Challenges for Web Developers
15:28 OpenSSF and W3C Collaboration
17:36 Expanding Security Education
19:44 The Importance of Media Authenticity
22:25 Final Thoughts and Future Discussions
Resources:
- W3C SWAG Group: https://www.w3.org/community/swag/ - and GitHub repo https://github.com/w3c-cg/swag with meeting minutes
- Last year's W3C / OpenSSF / OWASP / OpenJS "Secure the Web Forward" workshop: https://www.w3.org/2023/03/secure-the-web-forward/ (includes videos of all talks and the workshop report)
- W3C Ethical Web Principles https://www.w3.org/TR/ethical-web-principles/
- W3C Privacy Principles https://www.w3.org/TR/privacy-principles/
- W3C Security & Privacy self-check https://www.w3.org/TR/security-privacy-questionnaire/
Guest:
Dan Appelquist is Open Source Strategist at Samsung Open Source Group. He is a web & mobile industry veteran and long-time participant and leader in open source and open standards. He has been co-chair of the W3C Technical Architecture Group for the last ten years. He was an early web pioneer and "dot-com CTO." He's led efforts at Vodafone, Telefónica, Samsung and the UK Government relating to open standards and the open web. You may find him on the Fediverse at @torgo@mastodon.social.