Security/B2G: Difference between revisions
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) |
Line 16: | Line 16: | ||
==== Security Assurance ==== | ==== Security Assurance ==== | ||
'' | ''Ensure security throughout OS development lifecycle'' | ||
* Embedding/team support/security guidance | * Embedding/team support/security guidance | ||
* Catching security oversights | * Catching security oversights | ||
Line 23: | Line 23: | ||
==== Security Improvement ==== | ==== Security Improvement ==== | ||
'' | ''Drive security improvements to support evolving device and app requirements, and to bring us to parity with other mobile platforms'' | ||
* Update Firefox OS Application security model to address emerging APIs, use cases and threats | * Update Firefox OS Application security model to address emerging APIs, use cases and threats | ||
* Coordinate between platform & B2G teams on security feature development | * Coordinate between platform & B2G teams on security feature development | ||
Line 31: | Line 31: | ||
==== Ecosystem Security ==== | ==== Ecosystem Security ==== | ||
'' | ''Empower community to help secure Firefox OS'' | ||
* Improve effectiveness and scalability of Marketplace security review process | * Improve effectiveness and scalability of Marketplace security review process | ||
* Provide security guidance to developers & reviewers (e.g MDN documentation) | * Provide security guidance to developers & reviewers (e.g MDN documentation) | ||
Line 38: | Line 38: | ||
==== Partner Security Program ==== | ==== Partner Security Program ==== | ||
'' | ''Help and monitor partners to ensure our users are protected'' | ||
* Work with partners to ensure security of vendor modifications & co-ordinate security updates | * Work with partners to ensure security of vendor modifications & co-ordinate security updates | ||
* Enforce security through partner certification program | * Enforce security through partner certification program |
Revision as of 05:25, 14 April 2014
Firefox OS Security Team
Summary
Lead | Paul Theriault (irc: pauljt) |
Team Members | Rob Fletcher (irc: omerta), Frederick Braun (irc: freddyb), Christiane Ruetten (irc: cr), Stéphanie Ouillon (irc: arroway) |
References | Firefox OS Security Model Overview |
Team Responsibilities
Security Assurance
Ensure security throughout OS development lifecycle
- Embedding/team support/security guidance
- Catching security oversights
- Identifying and promoting good security practices (consistency, patterns and practices)
- Closing the bug loop, pushing security bugs to resolution
Security Improvement
Drive security improvements to support evolving device and app requirements, and to bring us to parity with other mobile platforms
- Update Firefox OS Application security model to address emerging APIs, use cases and threats
- Coordinate between platform & B2G teams on security feature development
- Contribute patches for minor security improvements
- Coordinate/encourage community security contributions
- Drive development of new security features (e.g. crypto support)
Ecosystem Security
Empower community to help secure Firefox OS
- Improve effectiveness and scalability of Marketplace security review process
- Provide security guidance to developers & reviewers (e.g. MDN documentation)
- Development of tools for app developers & reviewers
- App security incident response (vulnerable or malicious apps)
Partner Security Program
Help and monitor partners to ensure our users are protected
- Work with partners to ensure security of vendor modifications & co-ordinate security updates
- Enforce security through partner certification program
- Security incident response, management, and partner fix coordination
Useful Links
Wiki
MDN
Various
- Draft specification: Runtime and Security Model for Web Applications
- Basecamp Permissions Model
- Getting starting testing Gaia and Web Apps
Meetings
Connection Information
- Dial-in:
- +1 650 903 0800 x92 Conf 98500#
- +1 416 848 3114 x92 Conf 98500#
- +1 800 707 2533 (pin 369) Conf 98500# (toll free, Skype)
- Vidyo: B2G Vidyo room
FirefoxOS Security Weekly Meeting
- Time: Tuesdays 1330 PDT / 2130 CET / 0430 CST / 2130 UTC
- Notes during the meeting are captured on this etherpad.
Subpages of Security/B2G
- Security/B2G/2013 10 07
- Security/B2G/2013 10 22
- Security/B2G/2013 10 29
- Security/B2G/2013 11 19
- Security/B2G/2013 11 26
- Security/B2G/2013 12 17
- Security/B2G/2013 12 20
- Security/B2G/2013 13 5
- Security/B2G/2013 20 5
- Security/B2G/2013 20 6
- Security/B2G/2013 27 5
- Security/B2G/2013 2 13
- Security/B2G/2013 2 20
- Security/B2G/2013 2 27
- Security/B2G/2013 2 6
- Security/B2G/2013 3 13
- Security/B2G/2013 3 20
- Security/B2G/2013 4 10
- Security/B2G/2013 4 17
- Security/B2G/2013 4 23
- Security/B2G/2013 4 29
- Security/B2G/2013 5 5
- Security/B2G/2013 6 21
- Security/B2G/2013 6 5
- Security/B2G/2013 8 27
- Security/B2G/2013 9 14
- Security/B2G/2013 9 21
- Security/B2G/2014 01 07
- Security/B2G/2014 01 4
- Security/B2G/2014 02 11
- Security/B2G/2014 02 17
- Security/B2G/2014 02 24
- Security/B2G/2014 02 4
- Security/B2G/2014 03 4
- Security/B2G/2014 04 16
- Security/B2G/2014 04 22
- Security/B2G/2014 04 9
- Security/B2G/2014 1 29
- Security/B2G/April 10 2012
- Security/B2G/April 16 2012
- Security/B2G/April 4 2012
- Security/B2G/Bluetooth
- Security/B2G/Bluetooth-april-2012
- Security/B2G/Browser API
- Security/B2G/Carrier Billing API
- Security/B2G/Contribute
- Security/B2G/Documentation
- Security/B2G/Engagement
- Security/B2G/FirefoxOSCommsHardening
- Security/B2G/GaiaTesting
- Security/B2G/Gaia Apps
- Security/B2G/Goals
- Security/B2G/Guidance
- Security/B2G/Hardware
- Security/B2G/Jan 29 2013
- Security/B2G/JavaScript code analysis
- Security/B2G/KULHITB2014
- Security/B2G/PermissionReview
- Security/B2G/PermissionReview/Hostedrisks
- Security/B2G/PermissionReview/New permission model
- Security/B2G/PermissionReview/PrivilegedPackages
- Security/B2G/PermissionReview/SystemXHR
- Security/B2G/PermissionReview/TCPUDPSocket
- Security/B2G/Permissions API
- Security/B2G/Permissions Model & Management
- Security/B2G/Permissions list
- Security/B2G/Persona API
- Security/B2G/RIL
- Security/B2G/Reviews
- Security/B2G/Reviews old
- Security/B2G/Reviews planning
- Security/B2G/RootingTools
- Security/B2G/SecurityModelv3/Origins and cookie jars
- Security/B2G/TCP UDP Socket
- Security/B2G/Team responsibilities
- Security/B2G/USB file-reading API
- Security/B2G/VulnerabilityManagement
- Security/B2G/navigator.pay