SecurityEngineering/2013: Difference between revisions

From MozillaWiki
 
(7 intermediate revisions by one other user not shown)
Line 1: Line 1:
__NOTOC__
Working towards our team [[SecurityEngineering/Strategy|Strategy]], this is what we will work towards in 2013.
Working towards our team [[SecurityEngineering/Strategy|Strategy]], this is what we will work towards in 2013.


== Make Firefox as Secure as Other Browsers ==
== Make Firefox More Secure ==
* Evangelism: Larissa's airmo talk on secure UX design [https://code.google.com/p/chromium/issues/detail?id=170453 was picked up by chromium]
* Evangelism: Larissa's airmo talk on secure UX design [https://code.google.com/p/chromium/issues/detail?id=170453 was picked up by chromium]
* Implement: [[FoxInABox|Sandboxing]] on Linux and E10S ({{bug|653064}})
* Implement: [[FoxInABox|Sandboxing]] on Linux and E10S ({{bug|653064}})
* Implement: Click-To-Play plugins for Firefox ({{bug|738698}})
* Implement: Click-To-Play plugins for Firefox ({{bug|738698}})
* Implement/Evangelize: CSP 1.0 for Firefox platform ({{bug|663566}})
* Implement/Evangelize: CSP 1.0 for Firefox platform ({{bug|663566}})
* Implement/Evangelize: Mixed Content Blocker ({{bug|815321}})
* Implement: Application Reputation (anti-malware) ({{bug|662819}})
* Implement/Evangelize: Site security error reporting (web console) {{bug|863874}}


== Build Security and Privacy into Mobile ==
== Build Security and Privacy into Mobile ==
* Consult: [[Apps/Security|B2G App Security Model]]
* Consult: [[Apps/Security|B2G App Security Model]]
* Implement: CSP for apps on B2G ({{bug|773891}})
* Implement: CSP for apps on B2G ({{bug|773891}})
* Implement: App signing for marketplace/B2G ({{bug|772365}})


== Improve User Control Over How Their Information is Shared and Used ==
== Improve User Control Over How Their Information is Shared and Used ==
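Review bot: In the "Make Firefox More Secure" list, the site security error reporting (web console) item leaves its {{bug|863874}} reference bare, while every other item in the list wraps the bug template in parentheses, for example ({{bug|815321}}). Suggest ({{bug|863874}}) so the entries stay consistent.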
Line 16: Line 19:
* Research: [http://www.mozilla.org/en-US/collusion/ Collusion project] improved transparency and generated buzz
* Research: [http://www.mozilla.org/en-US/collusion/ Collusion project] improved transparency and generated buzz
* Research: [https://dnt-dashboard.mozilla.org DNT statistics] made available by the web
* Research: [https://dnt-dashboard.mozilla.org DNT statistics] made available by the web
* Research: [[Security/Contextual_Identity_Project|Contextual identity]] work. (Blushproof, paper)
* Consult: Cookie Clearinghouse


== Build Security into Web Communications ==
== Build Security into Web Communications ==
* Research: Web Crypto
* Research: Web Crypto
* Implement: Certificate Revocation upgrades
* Implement: Certificate Revocation upgrades
* Implement: Rewrite certificate verification library ({{bug|878932}})
* Implement: Certificate key pinning ({{bug|744204}})
* Research/Evangelize/Implement: [https://wiki.mozilla.org/CA:CertificatePolicyV2.1 Certificate Policy] to raise the bar on intermediate CAs
* Research/Implement: [https://addons.mozilla.org/en-US/firefox/addon/password-knight/ Password Knight]
* Research/Implement: [[Security/Features/SSL_Error_Reporting|Certificate error reporting]]
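Review bot: The Certificate Policy item links to https://wiki.mozilla.org/CA:CertificatePolicyV2.1 with external-link syntax even though the target is a page on this wiki; the other on-wiki targets here use internal links such as [[Security/Features/SSL_Error_Reporting|Certificate error reporting]], so [[CA:CertificatePolicyV2.1|Certificate Policy]] would match. The "Certificate Revocation upgrades", "Web Crypto" and "Cookie Clearinghouse" items, and the "(Blushproof, paper)" mention, carry no bug reference or link, unlike the neighbouring entries; a pointer to the tracking bug or project page for each would let readers follow the work.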

Latest revision as of 18:34, 19 June 2013

Working towards our team Strategy, this is what we will work towards in 2013.

Make Firefox More Secure

Build Security and Privacy into Mobile

Improve User Control Over How Their Information is Shared and Used

  • Implement/Evangelize: Third Party Cookie blocking bug 818430, though evolving, will improve control
  • Research: Collusion project improved transparency and generated buzz
  • Research: DNT statistics made available by the web
  • Research: Contextual identity work. (Blushproof, paper)
  • Consult: Cookie Clearinghouse

Build Security into Web Communications