canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Meetings/SecurityAssurance/2013-02-05: Difference between revisions
Jump to navigation
Jump to search
Security/Meetings/SecurityAssurance/2013-02-05 (view source)
Revision as of 21:09, 12 February 2013
, 12 February 2013no edit summary
(Created page with "{{SecAssuranceMeetingInfo}} {{TOC right}}") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{SecAssuranceMeetingInfo}} | {{SecAssuranceMeetingInfo}} | ||
{{TOC right}} | {{TOC right}} | ||
=Agenda= | |||
* Joe on PTO this week. Be back Monday. \o/ have fun | |||
* Gary on PTO from Feb 8 Friday (1/2 day) onwards, back Feb 19 Tuesday | |||
* curtis' chat with government folks - helping businesses understand security risks | |||
** I (ygjb) just started a security awareness discussion at OWASP | |||
* Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdEI4SlE0eGRWdkN5bXBpbV8wcjNzNUE | |||
* Metrics | |||
** https://security-review-statistics.vcap.mozillalabs.com/ | |||
** Review Security Radar Page - https://wiki.mozilla.org/Security/Radar | |||
*** working with sarentz to move this info to the dashboard | |||
* Security documentation for Firefox OS - https://security.etherpad.mozilla.org/MDN-Firefox-OS | |||
* FirefoxOS Bug Hunt: https://etherpad.mozilla.org/foxhunt | |||
=Upcoming Speaking Engagements= | |||
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks ) | |||
* Raymond Forbes : Feb 27 - March 2 : Nullcon : Bug Bounty Programs | |||
=Planned Blog Posts= | |||
* https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c | |||
* Review needed https://docs.google.com/a/mozilla.com/document/d/1efAITZr77vQc9GQk8c6ErMN4VTXbMW7d2OPTVPWaM1w/edit <- doesnt allow adding comments though :( | |||
=Security Review Status (curtisk)= | |||
* Completed in Q4 2012: 50 | |||
https://security-review-statistics.vcap.mozillalabs.com/weekly | |||
=Project Updates = | |||
Please add your name to the update so we know who to follow up with | |||
== Firefox Desktop == | |||
== Firefox Mobile == | |||
== Firefox OS == | |||
* Weekly FFOS meeting notes: https://etherpad.mozilla.org/firefoxossecteammtg (pauljt) | |||
* Cool: adb locked down (pauljt) | |||
* Uncool: mozkeyboard is a thing, and it needs security love (also paul :)) (doh) | |||
== MarketPlace == | |||
== Web Apps == | |||
== Services == | |||
== Operation Security == | |||
==Operations Security Update (Joe Stevensen)== | |||
==Silent updates (rforbes / dveditz)== | |||
== B2G (Paul Theriault, David Chan) == | |||
==Thunderbird (Adam Muntner) == | |||
==Rust (Jesse Ruderman) == | |||
==Mobile (Mark Goodwin) == | |||
==Sync (Simon Bennetts) == | |||
==Services (Simon Bennetts & Adam Muntner) == | |||
==Jetpack, Add-on SDK, Add-on Builder (Dan Veditz) == | |||
==JS (Christian Holler) == | |||
* Added ASan support to LifoAlloc allocator in the JS engine (bug 838150) | |||
==DOM, XPConnect (Jesse Ruderman) == | |||
==Layout, Style (Jesse Ruderman) == | |||
==Automation Tools (Gary Kwong) == | |||
* ted gave some interesting tips about Breakpad / js shell / Windows | |||
==Web Developer Tools (Mark Goodwin) == | |||
== Networking (Christoph Diehl) == | |||
* Working on STUN | |||
== Media / Graphics (Christoph Diehl) === | |||
* No update | |||
== Peach (Christoph Diehl / Raymond Forbes) === | |||
* No update | |||
== Market (Raymond Forbes) == | |||
==Firefox APIs (Raymond Forbes) == | |||
==Payment Flow (Raymond Forbes) == | |||
==Dynamic API Security Model (Raymond Forbes) == | |||
==WebRT (Raymond Forbes) == | |||
==BrowserID == | |||
== Identity Services (David Chan) == | |||
==Addons.M.O (Raymond Forbes) == | |||
==Bugzilla.M.O (Mark Goodwin & Eric Parker) == | |||
==Mozillians (Raymond Forbes) == | |||
==MDN (Raymond Forbes) == | |||
==SUMO (Kitsune) () == | |||
== AddressSanitizer (Christian Holler) == | |||
* Bug for getting tests on ASan builds: https://bugzilla.mozilla.org/show_bug.cgi?id=831491 | |||
** Now includes blockers (e.g. current test failures) | |||