security-guide-for-developers's Issues
Link to acceptable use policy
Processes section needs more clarity
engage early with the Technical Assurance team
ensure the service goes through a Technical Design Workshop at various milestones from the start of alpha
each service should feed into a Technical Design Authority (TDA)
Who is the Technical Assurance team? How does one engage with them? What is included in a technical design workshop? Who do I contact about setting one up? Who needs to be invited? What is it trying to achieve? What is a TDA, who is the contact, how do I get one, how many are there, how do they relate?
CESG guidance isn't specific enough to be useful for devs
https://github.com/jcavell/security-guide-for-developers/wiki/At-the-Home-Office#before-you-start
"make sure your computer adheres to CESG end user device guidance"
I think we will need to give some brief, clear guidance about exactly what we expect from people. The CESG guidance doesn't give much guidance on how to do things, just what needs to be achieved.
HOD Technical Assurance Email needed
https://github.com/jcavell/security-guide-for-developers/wiki/At-the-Home-Office#before-you-start
"you may use password management software but must contact HOD Technical Assurance team for more information first"
Please can we provide their email address?
Disagree with "only submit forms via POST, not GET"
I think there are times when a GET request on a form is more appropriate. For example, when completing a search form you may want to share what you have searched on with a colleague via a link.
Not sure about "consider using a typed language"
"consider using strongly typed languages e.g. Scala, Java, TypeScript"
I think we should give clearer guidance about what we expect and when in terms of language choices. Do we really want to encourage TypeScript? I'm not aware of any projects that use it. Plus JavaScript knowledge is more common.