{{SecAssuranceMeetingInfo}}
{{TOC right}}
=Agenda=
* [mcoates] Summit - book your travel <-aka submit to google form that might go to phishers
* https://docs.google.com/a/mozilla.com/forms/d/13RYSEuuIPf-atUUvwz_9VozcyOUQSxH5X3PCGubJ1p0/viewform?pli=1
* [mcoates] Team meetup - book your flight
* Remote Worker Guidelines
** https://mana.mozilla.org/wiki/display/WPR/Remote+Worker+Guidelines
** Etherpad for questions: https://security.etherpad.mozilla.org/RemoteWorkerGuidelines
* [ygjb] my team goals need to be updated :/
* [curtis / psinnon] Proposed verification changes
** https://wiki.mozilla.org/Security/Web_Bug_Rotation#Proposed_enhancement_to_the_process
** [question: track in meta bugs?] -> yes
** [question: tools to start with?] -> Minion, ZAP (with zest)
* [curtis] Bug tags
** risk ranking: steadily rising even with changes to process from SF work week where we got rid of number and went to Low/Med/High/Critical structure
*** https://wiki.mozilla.org/Security/RiskRatings#What_Scores_Mean
*** whiteboard tag [score:low], [score:med], [score:high], [score:crit] <- short-form? capitalization? (short forms should work fine and I don't think bugzilla cares about caps)
** deadline: remains mostly parallel to new incoming bug rate
** Could this work as a goal - ensure at end of each week all your bugs are scored? I think the problem here is there's the intent to do it but no accountability
** Recommend a BROWNBAG where expectations for marking bugs are clearly set and questions are asked/answered
** Action Item [Curtis] - Enhance documentation so a new person could properly complete without need to ask anyone else questions on the process. E.g. step 1: do this, step 2: if X then do y...
* [yvan] Intro Jacob
* [yvan] Conferences
** BlackHat
** AppSecEU
** AppSecUSA
* Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdGVNXzUxZkJ0WHJPNG0wMDF3ODF6REE
* Metrics
** https://security-review-statistics.vcap.mozillalabs.com/
** https://people.mozilla.com/~sarentz/p/dashboard
* Security Reports
* Upcoming PTO (do not put on wiki, DNT)
** Stefan will be on PTO next week and then at a conference the week after - limited availability first week.
** dchan - PTO Aug 8 / 9
** [joes] - Jul 19
** [cr] PTO Jul 19-23, Aug 5-9
** [freddyb] PTO Jul 19,26 & Aug 2 (three Fridays)
** [ulfr] PTO Jul 26
* [PT] - Need to figure out a new time for the Firefox OS meeting - Dooooodle http://www.doodle.com/2dz4fyztax9zvfyp#table
=Upcoming Speaking Engagements=
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
=Planned Blog Posts=
* https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
=Security Review Status (curtisk)=
* Completed in Q1: 64 / Q2: 72
https://security-review-statistics.vcap.mozillalabs.com/weekly (12)
=Operations Security Update (Joe Stevensen)=
=Project Updates=
Please add your name to the update so we know who to follow up with
== Firefox Desktop ==
== Firefox Mobile ==
== Firefox OS ==
* [cr] Have a working SIM card read/write setup.
== Firefox Core ==
* [cr] Florian Boehl (PhD cand. Cryptography) might volunteer-help with writing PRNG tests. Interesting enough to push this? (Let's not be the next Cryptocat / Debian.)
== MarketPlace ==
* [cr] bi-weekly meeting between Marketplace and Security initiated
== Web Apps ==
== Services ==
== Operation Security ==