The report suggests the creation of a cross-organization activity that can take a holistic approach to security on the Web. This issue tracks the possible creation of that activity.

From the report, this activity could take the form of a W3C Community Group (free, open to all, no membership required), that could take on the following tasks:

• Document threat models on the web.
• Formulate end-user stories related to security to inform groups developing technical APIs and policy makers developing regulations.
• Align security best practices targeted at web applications.
• Review possible directions to sanitize web APIs for use in isolated contexts (compartments).
• Track specifications and vendor implementations related to security.
• Recommend new specifications to be produced and find group homes for them.
• Clarify documentation needs to inform documentation writers.
• Track and promote software supply chain approaches to ease security assessments.
• Coordinate actions on the above points with external organizations.