This is an open ended question for discussion.
To what extent does having open standards for web security enhance
reliable security? Is it better to have transparent standards for
browser security, etc. than to obscure security requirements?
I don't have a lot of information on this topic, so I don't have a
great deal to contribute initially to the conversation, but am hoping
that there are members on the list with more experience, expertise
that they would like to contribute to a discussion.