Talk:Summit 2011 Working Sessions/Session068
Apparently there was a collaboration link posted for the session? Can anyone put that here for reference?
I'll put my $0.02 here in the meantime.
We should make the easy stuff go away, have the hard stuff well documented, and go to where devs are. They're too busy to come to us.
What can be solved by a framework or with a mechanism like a CSP flag should be, and what can't should be documented in the framework or language docs.
Simply put, if you want to give devs security information, it needs to be in the places the devs go. That can include links to external resources for more details, but the first place the dev goes to for examples and documentation has to cover security well.
OWASP also needs to connect with publishers to further that goal.