SecurityEngineering/2013: Difference between revisions

← Older edit

SecurityEngineering/2013 (view source)

Revision as of 18:34, 19 June 2013

796 bytes added , 19 June 2013

→‎Build Security into Web Communications

Kathleen Wilson

Confirmed users, Administrators

5,526

edits

@@ Line 1: / Line 1: @@
-__NOTOC__
 Working towards our team [[SecurityEngineering/Strategy|Strategy]], this is what we will work towards in 2013.
@@ Line 8: / Line 7: @@
 * Implement/Evangelize: CSP 1.0 for Firefox platform ({{bug|663566}})
 * Implement/Evangelize: Mixed Content Blocker ({{bug|815321}})
+* Implement: Application Reputation (anti-malware) ({{bug|662819}})
+* Implement/Evangelize: Site security error reporting (web console) {{bug|863874}}
 == Build Security and Privacy into Mobile ==
 * Consult: [[Apps/Security|B2G App Security Model]]
 * Implement: CSP for apps on B2G ({{bug|773891}})
+* Implement: App signing for marketplace/B2G ({{bug|772365}})
 == Improve User Control Over How Their Information is Shared and Used ==
@@ Line 17: / Line 19: @@
 * Research: [http://www.mozilla.org/en-US/collusion/ Collusion project] improved transparency and generated buzz
 * Research: [https://dnt-dashboard.mozilla.org DNT statistics] made available by the web
+* Research: [[Security/Contextual_Identity_Project|Contextual identity]] work. (Blushproof, paper)
+* Consult: Cookie Clearinghouse
 == Build Security into Web Communications ==
 * Research: Web Crypto
 * Implement: Certificate Revocation upgrades
+* Implement: Rewrite certificate verification library ({{bug|878932}})
+* Implement: Certificate key pinning ({{bug|744204}})
+* Research/Evangelize/Implement: [https://wiki.mozilla.org/CA:CertificatePolicyV2.1 Certificate Policy] to raise the bar on intermediate CAs
+* Research/Implement: [https://addons.mozilla.org/en-US/firefox/addon/password-knight/ Password Knight]
+* Research/Implement: [[Security/Features/SSL_Error_Reporting|Certificate error reporting]]