Security/Meetings/SecurityAssurance/2013-03-26: Difference between revisions

{{SecAssuranceMeetingInfo}}
{{TOC right}}
=Agenda=
* Goals - Please keep status up to date -  https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdEI4SlE0eGRWdkN5bXBpbV8wcjNzNUE
* Metrics
** https://security-review-statistics.vcap.mozillalabs.com/
** Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
* Friday is a holiday in Canada and Germany has Friday and Monday off
** UK too - yep
* AMA tomorrow - https://etherpad.mozilla.org/security-ama
** Starts at 6:00 PDT
* parker etd apr12th
=Upcoming Speaking Engagements=
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
* [psiinon] March 28 OWASP LatAm Q&A
* [psiinon] March 28 pauldotcom interview?++
* [psiinon] April 3 OWASP LatAm Q&A
* [mgoodwin] April 10 - Sheffield Hallam University - guest lecture to sec. and software engineering undergrads (The Trouble with Passwords - or, Why you should use Persona)
=Planned Blog Posts=
* https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
=Security Review Status (curtisk)=
* Completed in Q4 2012: 50 << 63 this Quarter (Q1-2013)
https://security-review-statistics.vcap.mozillalabs.com/weekly
=Operations Security Update (Joe Stevensen)=
=Project Updates=
Please add your name to the update so we know who to follow up with
== Firefox Desktop ==
== Firefox Mobile ==
== Firefox OS ==
* packaged app origins (bug 852720)
** current postmessage auth flow is insecure due to unknown origins
** "origins" may not match up with domain manifest / app is served from
** proposed solutions
*** special app://<uri>
*** sign apps with origin field
== Firefox Core ==
* [decoder] JS Fuzzing for bug 837312 (requested)
* [decoder, gkw] Bug 829602 (ParallelArray self-hosting) regressed m-c in several ways, bugs filed
** Bug 854807 also caused recent instability
== MarketPlace ==
== Web Apps ==
== Services ==
== Operation Security ==

Latest revision as of 19:57, 2 April 2013


  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#
