Ptheriault (talk | contribs) (Update for q1 2017 (dump from google doc))
Ptheriault (talk | contribs) (Undo revision 1168635 by Ptheriault (talk))
Line 1: | Line 1: | ||
= | =Q4 2016 Summary= | ||
Q4’16 was a period of significant change for the security engineering org at Mozilla. Further consolidating the team additions from Q2, security engineering is now united under Selena Deckelmann and reporting into the Firefox team. While our focus continues to cover both front-end and platform, the shift in org is helping to improve ties with the Firefox team and is already bringing results increased collaboration. | Q4’16 was a period of significant change for the security engineering org at Mozilla. Further consolidating the team additions from Q2, security engineering is now united under Selena Deckelmann and reporting into the Firefox team. While our focus continues to cover both front-end and platform, the shift in org is helping to improve ties with the Firefox team and is already bringing results increased collaboration. | ||
Q4 was largely heads down making progress on multi-quarter projects but there are some important milestones to point out: | |||
* Shipped SHA-1 deprecation options in FF51 | * Shipped SHA-1 deprecation options in FF51 | ||
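Review bot: dropping the line "Q4 was largely heads down making progress on multi-quarter projects but there are some important milestones to point out:" leaves the milestone list starting at "* Shipped SHA-1 deprecation options in FF51" with no introduction; the summary paragraph now runs straight into the bullets. Keep a one-line lead-in (or reword it) so the list is anchored to the paragraph above it.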
Line 41: | Line 39: | ||
* Content Security Policy | * Content Security Policy | ||
** “strict-dynamic” implemented in Firefox 52, new feature in CSP to aid developers in adoption and creation of effective policies | ** “strict-dynamic” implemented in Firefox 52, new feature in CSP to aid developers in adoption and creation of effective policies | ||
** "require-sri-for" directive, to enforce Subresource Integrity (SRI) through CSP | |||
* Sandbox Hardening | * Sandbox Hardening | ||
** Initial audit of Message Manager and IPDL protocols, work continuing in Q1 | ** Initial audit of Message Manager and IPDL protocols, work continuing in Q1 | ||
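Review bot: the new bullet "** \"require-sri-for\" directive, to enforce Subresource Integrity (SRI) through CSP" gives no release or status, while its sibling "** “strict-dynamic” implemented in Firefox 52, ..." does. Add the Firefox version the directive landed in and whether it is pref'd on or off, so readers can tell which CSP features are actually shipping.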
Line 50: | Line 49: | ||
** Landed support for Safebrowsing V4 (pref’d off) in FF53 | ** Landed support for Safebrowsing V4 (pref’d off) in FF53 | ||
** On target for switching to V4 support by default in 2017 | ** On target for switching to V4 support by default in 2017 | ||
* Cookies | |||
** Collaborated with the networking team to land support for the "Strict Secure Cookies" spec ({{bug|976073}}). Will ship in Firefox 52. | |||
==Fuzzing== | ==Fuzzing== | ||
Line 69: | Line 70: | ||
* CA Program | * CA Program | ||
** Over 2600[https://wiki.mozilla.org/CA:SubordinateCAcerts intermediate certificates] disclosed in the [https://wiki.mozilla.org/CA:CommonCADatabase Common CA Database]; over 230 [https://wiki.mozilla.org/CA:RevokedSubCAcerts revoked intermediate certificates] added to [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL] | ** Over 2600[https://wiki.mozilla.org/CA:SubordinateCAcerts intermediate certificates] disclosed in the [https://wiki.mozilla.org/CA:CommonCADatabase Common CA Database]; over 230 [https://wiki.mozilla.org/CA:RevokedSubCAcerts revoked intermediate certificates] added to [https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ OneCRL] | ||