{{SecAssuranceMeetingInfo}}
{{TOC right}}
= Agenda =
* List of Bugzilla email addresses on GitHub; spam
** [Jesse] https://bugzilla.mozilla.org/show_bug.cgi?id=218917 - Allow Bugzilla login_name != email_address, so address isn't displayed
* [curtisk] Thanks everyone for helping us keep our steady rate of ~60 secreviews per quarter (details below). Let's keep it up.
* Security Reports
* [freddyb] Progress on "Killing Inline Scripts and Stylesheets" in chrome pages
** https://wiki.mozilla.org/Security/Inline_Scripts_and_Styles
** needed to apply CSP to Firefox internal webpages (ex. about:home, about:newtab), you just need to know HTML and CSS
** these are good bugs to try and get community members involved in fixing them and involved in security
** listed on bugsahoy.com
** already we have around 5 volunteers helping with this effort
*** [Jesse] Awesome. Let's tweet or blog thanking them.
*** [Curtis] Freddy? can you get with me to draft up a tweet for @MozSec?
*** [Jesse] "We're gradually applying CSP to Firefox's internal web pages. [link to wiki]"
*** [Jesse] or "To protect against XSS attacks on Firefox's internal web pages, we are applying CSP... "
*** [Jesse] "Thanks to volunteers helping with the internal-CSP effort: [twitter usernames & names of those without twitter accounts]"
**** We can email them to ask if they're on Twitter.
* [decoder] Question about applying CSP to individual chrome pages vs all chrome [... ?]
= Upcoming Speaking Engagements =
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
* Jan 23 psiinon - KPMG - OWASP overview (no tweet)
* Jan 27 freddyb talks at "recurity labs security symposium" in Berlin (no tweet)
* Feb 5 psiinon - Oracle webcast (Using ZAP for automated testing) (no tweet)
* Feb 8 psiinon Manchester StudentHack (Mozilla, security, OWASP, open source) (open not sold out) http://www.studenthack.com/
= Planned Blog Posts =
* [new] https://mana.mozilla.org/wiki/display/SECURITY/Security+Blog+Posts
* [old] https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
= Security Review Status (curtisk) =
* Completed in Q1: 64 / Q2: 72 / Q3: 55 / Q4: 64
https://security-review-statistics.vcap.mozillalabs.com/weekly
* Q1:2014 :: 7
= Metrics =
** https://security-review-statistics.vcap.mozillalabs.com/
** https://people.mozilla.com/~sarentz/p/dashboard
= Operations Security Update (Joe Stevensen) =
= Project Updates =
Please add your name to the update so we know who to follow up with
== Firefox Desktop ==
== Firefox Mobile ==
== Firefox OS ==
== Firefox Core ==
== MarketPlace ==
== Web Apps ==
== Services ==
== Operation Security ==