|
|
| Line 36: |
Line 36: |
| * We'll create and link the corresponding wiki page within the [[Security/Radar|Security Radar]] | | * We'll create and link the corresponding wiki page within the [[Security/Radar|Security Radar]] |
| * [[Security/Reviews/Review Request Form | Security & Privacy Review Request Form]] | | * [[Security/Reviews/Review Request Form | Security & Privacy Review Request Form]] |
| ====[[Security/Radar|Security Radar]]====
| |
|
| |
| {| class="wikitable collapsible collapsed" style="width: 100%"
| |
| ! Unlinked Reviews
| |
| |-
| |
| |
| |
| * [[Security/Reviews/Mobile/AndroidSystemStorage| Android System Storage]]
| |
| * [[Security/Firefox/WebAPI/WebBattery| WebBattery]]
| |
| * [[Security/Reviews/BrowserIDCAPI| BrowserID C API]]
| |
| * [[Security/Reviews/crossoriginAttribute|Add crossorigin attribute]]
| |
| * [[Security/Reviews/Firefox10/SyncDialogue|Sync Dialogue]]
| |
| * [[Security/Reviews/JetPack2011-20/12 | JetPack 2011-10-12]]
| |
| * [[Security/Reviews/XHRnonpost| XHR non-post rewrite]]
| |
| * [[Security/Reviews/StubInstaller|Stub Installer]]
| |
| * [[Labs/Weave/Sync Client Security Review|Sync Client]]
| |
| * [[Firefox Sync/Weave 1.3b5 Client Security Review|Weave 1.3b5 Client]]
| |
| * [[Security/Reviews/DNSSEC-TLS|DNSSEC-TLS]]
| |
| * [[Security/Reviews/OWA-F1|Web Activities & F1]]
| |
| * [[Security/Reviews/ReviewNotes/MouseLock|MouseLock]]
| |
| * [[Security/Reviews/ReviewNotes/Joystick|Joystick]]
| |
| |}
| |
|
| |
| {| class="wikitable collapsible collapsed" style="width: 100%"
| |
| ! Unlinked Discussions
| |
| |-
| |
| |
| |
| * [[Security/Discussions/WebRTC|WebRTC]]
| |
| |}
| |
|
| |
|
| ===Security Feature Development=== | | ===Security Feature Development=== |
| We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the [[SecurityEngineering]] page for more info! | | We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the [[SecurityEngineering]] page for more info! |
|
| |
| === Security Initiatives ===
| |
|
| |
| *[[Security/TeamEmbedding]]
| |
| *Prioritizing and driving non-feature work: [[Security/Driving]]
| |
| * [https://wiki.mozilla.org/Security/OpenMic Open Mic Sessions]
| |
| *[[Security/Training]]
| |
|
| |
| === Security Resources and Blogs ===
| |
|
| |
|
| ==== Mozilla Official Sites ==== | | ==== Mozilla Official Sites ==== |
| Line 82: |
Line 45: |
| * [[CA|Mozilla CA Root Program]] | | * [[CA|Mozilla CA Root Program]] |
| * [http://blog.mozilla.com/security Mozilla Security blog] | | * [http://blog.mozilla.com/security Mozilla Security blog] |
| * [http://blog.mozilla.com/webappsec Mozilla WebApp Sec Blog]
| |
| * [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines Secure Coding Guidelines for Webapps] | | * [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines Secure Coding Guidelines for Webapps] |
|
| |
|
| Line 103: |
Line 65: |
| * [https://twitter.com/mozwebsec Mozilla Web Security] | | * [https://twitter.com/mozwebsec Mozilla Web Security] |
| * [https://twitter.com/jruderman Jesse Ruderman] | | * [https://twitter.com/jruderman Jesse Ruderman] |
| * [https://twitter.com/ygjb Yvan Boily]
| |
| * [https://twitter.com/dveditz Daniel Veditz] | | * [https://twitter.com/dveditz Daniel Veditz] |
| * [https://twitter.com/gh_rooster Raymond Forbes] | | * [https://twitter.com/gh_rooster Raymond Forbes] |
| * [https://twitter.com/openbuddha Al Billings] (but mostly Buddhist and Hackerspace tweets) | | * [https://twitter.com/openbuddha Al Billings] (but mostly Buddhist and Hackerspace tweets) |
| * [https://twitter.com/kangsterizer Guillaume Destuynder] | | * [https://twitter.com/kangsterizer Guillaume Destuynder] |
| * [https://twitter.com/jstevensen Joe Stevensen]
| |
| * [https://twitter.com/nth10sd Gary Kwong] (all sorts of stuff) | | * [https://twitter.com/nth10sd Gary Kwong] (all sorts of stuff) |
| * [https://twitter.com/mozdeco Christian Holler (decoder)] | | * [https://twitter.com/mozdeco Christian Holler (decoder)] |
| Line 125: |
Line 85: |
| * [https://twitter.com/alexanderfowler Alex Fowler] | | * [https://twitter.com/alexanderfowler Alex Fowler] |
| * [https://twitter.com/imelven Ian Melven] | | * [https://twitter.com/imelven Ian Melven] |
| | * [https://twitter.com/ygjb Yvan Boily] |
| | * [https://twitter.com/jstevensen Joe Stevensen] |
|
| |
|
| ==== OWASP Projects and chapters ==== | | ==== OWASP Projects and chapters ==== |
| The Mozilla Security team is heavily involved with [https://www.owasp.org/ OWASP]: | | The Mozilla Security team is heavily involved with [https://www.owasp.org/ OWASP]: |
| * [https://www.owasp.org/index.php/User:Curtis_Koenig Curtis Koenig] - [https://www.owasp.org/index.php/Louisville Louisville] Chapter leader
| |
| * [https://www.owasp.org/index.php/User:Mark_Goodwin Mark Goodwin] - [https://www.owasp.org/index.php/East_Midlands East Midlands] Chapter leader | | * [https://www.owasp.org/index.php/User:Mark_Goodwin Mark Goodwin] - [https://www.owasp.org/index.php/East_Midlands East Midlands] Chapter leader |
| * Raymond Forbes - [https://www.owasp.org/index.php/Seattle Seattle] Chapter leader | | * Raymond Forbes - [https://www.owasp.org/index.php/Seattle Seattle] Chapter leader |
| * [https://www.owasp.org/index.php/User:Simon_Bennetts Simon Bennetts] - [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP] and [https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project VWAD] Project leader and [https://www.owasp.org/index.php/Manchester Manchester] Chapter leader | | * [https://www.owasp.org/index.php/User:Simon_Bennetts Simon Bennetts] - [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP] and [https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project VWAD] Project leader and [https://www.owasp.org/index.php/Manchester Manchester] Chapter leader |
| * [https://www.owasp.org/index.php/User:Yvan_Boily Yvan Boily] - [https://www.owasp.org/index.php/Vancouver Vancouver] Chapter leader
| |
| Mozilla Security team members also frequently talk at OWASP chapter meetings and conferences.
| |
|
| |
|
| ==== Non-Mozilla Resources (blogs, news sites, twitter, tools) ==== | | ==== Non-Mozilla Resources (blogs, news sites, twitter, tools) ==== |
| * [[Security/OtherSecurityResources| Other Security Resources]] | | * [[Security/OtherSecurityResources| Other Security Resources]] |
|
| |
| <h3>Stuff that needs to be merged into this page properly</h3>
| |
|
| |
| === Meeting Notes ===
| |
| {| class="wikitable collapsible collapsed" style="width: 100%"
| |
| ! Meetings
| |
| |-
| |
| |
| |
| * [[Security/Meetings/SecurityAssurance|Security Assurance]]
| |
| * [[Security/AppSecBiweekly|AppSec Bi Weelky]]
| |
|
| |
| {| class="wikitable collapsible collapsed" style="width: 100%"
| |
| ! SecTeam Meetings 2012
| |
| |-
| |
| |
| |
| * [[Security/Meetings/2012-02-01|2012-02-01]]
| |
| * [[Security/Meetings/2012-01-25|2012-01-25]]
| |
| * [[Security/Meetings/2012-01-18|2012-01-18]]
| |
| * [[Security/Meetings/2012-01-11|2012-01-11]]
| |
| * [[Security/Meetings/2012-01-04|2012-01-04]]
| |
| |}
| |
| {| class="wikitable collapsible collapsed" style="width: 100%"
| |
| ! SecTeam Meetings 2011
| |
| |-
| |
| |
| |
| * [[Security/Meetings/2011-12-28|2011-12-28]]
| |
| * [[Security/Meetings/2011-12-21|2011-12-21]]
| |
| * [[Security/Meetings/2011-12-07|2011-12-14]]
| |
| * [[Security/Meetings/2011-12-07|2011-12-07]]
| |
| * [[Security/Meetings/2011-11-30|2011-11-30]]
| |
| * [[Security/Meetings/2011-11-23|2011-11-23]]
| |
| * [[Security/Meetings/2011-11-16|2011-11-16]]
| |
| * [[Security/Meetings/2011-11-09|2011-11-09]]
| |
| * [[Security/Meetings/2011-11-02|2011-11-02]]
| |
| * [[Security/Meetings/2011-10-26|2011-10-26]]
| |
| * [[Security/Meetings/2011-10-19|2011-10-19]]
| |
| * [[Security/Meetings/2011-10-12|2011-10-12]]
| |
| * [[Security/Meetings/2011-10-05|2011-10-05]]
| |
| * [[Security/Meetings/2011-09-28|2011-09-28]]
| |
| * No meeting on 9/14 (All Hands) or 9/21 (Fuzzing Work Week)
| |
| * [[Security/Meetings/2011-09-07|2011-09-07]]
| |
| * [[Security/Meetings/2011-08-31|2011-08-31]]
| |
| * [[Security/Meetings/2011-08-24|2011-08-24]]
| |
| * [[Security/Meetings/lifecycledisc|Life Cycle discussion]]
| |
| * [[Security/Meetings/2011-08-17|2011-08-17]]
| |
| * [[Security/Meetings/2011-08-10|2011-08-10]]
| |
| * [[Security/Meetings/2011-07-27|2011-07-27]]
| |
| * [[Security/Meetings/2011-07-20|2011-07-20]]
| |
| * [[Security/Meetings/2011-07-13|2011-07-13]]
| |
| * [[Security/Meetings/2011-07-06|2011-07-06]]
| |
| * [[Security/Meetings/2011-06-29|2011-06-29]]
| |
| * [[Security/Meetings/2011-06-22|2011-06-22]]
| |
| * [[Security/Meetings/2011-06-15|2011-06-15]]
| |
| * [[Security/Meetings/2011-06-08|2011-06-08]]
| |
| * [[Security/Meetings/2011-06-01|2011-06-01]]
| |
| |}
| |
|
| |
| {| class="wikitable collapsible collapsed" style="width: 100%"
| |
| ! Joint Secteam-Infrasec Meetings 2012
| |
| |-
| |
| |
| |
| * [[Security/Meetings/2012-01-12|2012-01-12]]
| |
| |}
| |
| {| class="wikitable collapsible collapsed" style="width: 100%"
| |
| ! Joint Secteam-Infrasec Meetings 2011
| |
| |-
| |
| |
| |
|
| |
| * [[Security/Meetings/2011-12-15|2011-12-15]]
| |
| * [[Security/Meetings/2011-11-17|2011-11-17]]
| |
| * [[Security/Meetings/2011-10-06|2011-10-06]]
| |
| * [[Security/Meetings/2011-09-08|2011-09-08]]
| |
| * [[Security/Meetings/2011-08-25|2011-08-25]]
| |
| * [[Security/Meetings/2011-08-11|2011-08-11]]
| |
| * [[Security/Meetings/2011-07-28|2011-07-28]]
| |
| * [[Security/Meetings/2011-06-16|2011-06-16]]
| |
| |}
| |
| |}
| |