{{SecAssuranceMeetingInfo}}
{{TOC right}}
=Agenda=
* [yeukhon] Minion's next-generation documentation
** https://minion-yeukhon.readthedocs.org/en/latest/ (feedback, plz! <3)
* Bonus - info went out. Any questions on it?
* Peach
** https://blog.mozilla.org/blog/2013/07/30/mozilla-continues-to-build-the-web-as-a-platform-for-security/
** We'll write on the security blog once we've actually released the tool and/or have some bugs to show
** press misread TechCrunch's post (which one?)
*** http://www.smartcompany.com.au/information-technology/056792-firefox-os-developer-mozilla-forges-security-collaboration-with-blackberry.html
*** answer: http://techcrunch.com/2013/07/30/mozilla-launches-minion-automated-security-testing-platform-collaborates-with-blackberry-to-secure-browsers/
*** forwarded to Press to reach out with clarification
* Team meetup Update
** Need an owner for the schedule - yvan volunteers
** Last call for proposed sessions
** OWASP Event (Monday Evening)
** Security Researchers who found Persona bugs coming to give a talk (where?)
* Research ideas for Yeuk Hon: https://security.etherpad.mozilla.org/research-ideas
* [psiinon] Plug-n-Hack
** A project to make browsers and [web app?] security tools work better together
** "Plug-n-hack" and "Plug-n-hack contacts" added to shared drive
** Feel free to add more contacts, add comments, etc.
* [mgoodwin] BREACH and Django
** https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
* [ulfr] BREACH and Mozilla https://bugzilla.mozilla.org/show_bug.cgi?id=902114
* Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdGVNXzUxZkJ0WHJPNG0wMDF3ODF6REE
** 1/3 through the quarter. Are your goals up to date?
* Metrics
** https://security-review-statistics.vcap.mozillalabs.com/
** https://people.mozilla.com/~sarentz/p/dashboard
* Tor bundle exploit (Sunday)
** Heated discussion on security-group touches on sandboxing; how we interact with the Tor team; ... (there is no real sandboxing on b2g, at least until 1.2. Currently shipped version is 1.0.1)
** We (and developers) scrambled to figure out what versions of Firefox were affected. Our communication during this period included https://blog.mozilla.org/security/2013/08/04/investigating-security-vulnerability-report/
* Keeping up with Mozilla News
** Planet - planet.mozilla.org
** Main mozilla blog - blog.mozilla.org
** Mitchell's blog - lizardwrangler.com
** Brendan's blog - brendaneich.com
* Security Reports
=Upcoming Speaking Engagements=
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
* [mgoodwin] OWASP Louisville 30-Aug something Firefox OS apps something (remote)
* Limerick OWASP day - psiinon on ZAP stuff, mgoodwin on Firefox OS apps stuff (28-31 Oct)
* Raymond, OWASP Canada (from Vancouver), 2013-08-07
* Yvan, Minion at VanCitySec, 2013-08-07
=Planned Blog Posts=
* https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
=Security Review Status (curtisk)=
* Completed in Q1: 64 / Q2: 72
https://security-review-statistics.vcap.mozillalabs.com/weekly
=Operations Security Update (Joe Stevensen)=
=Project Updates=
Please add your name to the update so we know who to follow up with
== Firefox Desktop ==
== Firefox Mobile ==
== Firefox OS ==
== Firefox Core ==
== MarketPlace ==
== Web Apps ==
== Services ==
== Operation Security ==
* http://breachattack.com/ (BREACH)
* We have a document that explains it as well (https://bugzilla.mozilla.org/show_bug.cgi?id=902114)