The Security Interest Group (SING) develops and documents guidelines, patterns, processes, and best practices for addressing security issues in Web standards.
SING supports, promotes, and structures the threat modeling for web standards and technologies. This approach can be used, along with other groups, for threats of different types such as security, privacy, and other kinds of harm. Threat modeling is a joint activity with threat experts and groups developing technology or other documentation. It can be used to get an understanding of the impact of the technology and guide its development, as well as to write Security Considerations sections.
SING provides "horizontal review", offering groups on-request guidance on security issues and mitigations specific to their technologies. SING aims to offer this review as early in the technology development lifecycle as requested, observing that early feedback is often more helpful. SING may also seek out technologies that benefit from earlier security reviews and conduct such reviews on its initiative.
-SING incubates standards work on security issues by collecting requirements, prototyping, and/or initiating the work within the IG and recommending that the W3C move the work into other groups when appropriate.
+SING identifies standardization work on security issues by collecting requirements, prototyping, and/or developing tests within the IG and recommending that the W3C move the work into other groups when appropriate.
SING may recommend mitigations for security issues in existing features of the Web platform, up to and including their deprecation.
SING may provide input to the Advisory Board on process changes that will improve security in Web standards, e.g., by establishing particular requirements or threat models for identifying and mitigating security issues in W3C Recommendations.
SING may recommend to the W3C Advisory Committee and the W3C TAG regarding the security impact of proposed standards.