Question/discussion about CWE-830: Inclusion of Web Functionality from an Untrusted Source

Kurt Seifried
Can we define what untrusted means here, e.g. untrusted by the people serving the web page, or untrusted by the people using the web page, or both? The reason I ask is, e.g., https://news.ycombinator.com/item?id=15442636: they could say "we trust this party, they are secure, too bad" while a user might rightly choose not to trust it (and use a browser extension to block it).


--
Kurt Seifried
[hidden email]