From e8cdbe4e8839149d960ddcdfd6910fd19dcc949b Mon Sep 17 00:00:00 2001
From: Jeni Tennison <jeni@theodi.org>
Date: Wed, 4 Feb 2015 11:32:09 +0000
Subject: [PATCH] a security considerations section

fixes #8
---
 metadata/index.html | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/metadata/index.html b/metadata/index.html
index dbf75f4e..828048aa 100644
--- a/metadata/index.html
+++ b/metadata/index.html
@@ -1696,6 +1696,18 @@ <h3>Converting Tables</h3>
         </ul>
       </section>
     </section>
+    <section>
+      <h2>Security Considerations</h2>
+      <p>
+        Applications that process tabular data may use that data to drive other actions, which may have security implications. These behaviours are outside the scope of this specification.
+      </p>
+      <p>
+        Third party metadata provided about a tabular data file (such as a CSV file) may rename or ignore headers, or exclude rows or columns, which may lead to data being misinterpreted by applications that process it.
+      </p>
+      <p>
+        <a title="template specification">Template specifications</a> are a possible security risk as they enable the creators of metadata to reference arbitrary code that may be executed to convert tabular data into other formats. Implementations should run this arbitrary code in a sandboxed environment to reduce the security risk.
+      </p>
+    </section>
     <section class="appendix">
       <h2>Acknowledgements</h2>
       <p>
@@ -1711,12 +1723,6 @@ <h3>Registration of <code>application/csvm+json</code></h3>
         </p>
       </section>
     </section>
-    <section class="appendix">
-      <h2>Security Considerations</h2>
-      <p class="issue" data-number="8">
-        TODO: General CSV security considerations.
-      </p>
-    </section>
     <section class="appendix">
       <h2>JSON-LD Context</h2>
       <p>