Security/Meetings/SecurityAssurance/2012-11-06: Difference between revisions

From MozillaWiki
{{TOC right}}
=Agenda=
* Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/SECURITY/2012+-+Q4+Goals
* Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
* mgoodwin out Thurs / Fri (OWASP workshop, Limerick)
* [curtisk] Security Champions & intros
** https://wiki.mozilla.org/Security/Champions
* [mcoates] Project Kick Off Form - https://wiki.mozilla.org/Kick-Off_Form, https://bugzilla.mozilla.org/form.moz-project-review
* [mcoates] Firefox OS Update Proposals - https://mana.mozilla.org/wiki/display/SECURITY/FirefoxOS-Updates#FirefoxOS-Updates-Proposals
=Security Review Status (koenig)=
* Completed in Q3 2012: 56
* Number of Reviews Completed (so far this quarter): 21 (19)
** https://bugzilla.mozilla.org/buglist.cgi?list_id=4619884;resolution=FIXED;chfieldto=2012-12-31;query_format=advanced;chfield=resolution;chfieldfrom=2012-09-30;type0-0-0=anywords;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org
* Number of Outstanding Reviews: 144 (142)
** https://bugzil.la/comp%3A%22security%20assurance%3A%20review%20request%22
* Number of reviews without risk rating: 30 (27)
** https://bugzil.la/component%3A%22Security%20Assurance%3A%20Review%20Request%22%20-sw%3A%22%5Bneeds%20info%5D%22%20-sw%3A%22%5Bscore%3A%22
* Number of reviews without deadline set: 134 (132)
** https://bugzilla.mozilla.org/buglist.cgi?field0-0-0=cf_due_date;query_format=advanced;resolution=---;type0-0-0=isempty;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org
* Find Yours:
** [https://bugzil.la/component%3A%22Security%20Assurance%3A%20Review%20Request%22%20-sw%3A%22%5Bneeds%20info%5D%22%20-sw%3A%22%5Bscore%3A%22%20owner:%25user%25 Missing Risk Rating (Yours)]
** [https://bugzilla.mozilla.org/buglist.cgi?field0-0-0=cf_due_date;query_format=advanced;resolution=---;type0-0-0=isempty;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org;field1-0-0=assigned_to;type1-0-0=equals;value1-0-0=%25user%25 Without Deadline (Yours)]
=Operations Security Update (Joe Stevensen)=
=Project Updates =
Please don't leave blank. Add "No Update" if nothing has changed
==Silent updates (rforbes / dveditz)==
== B2G (Paul Theriault, David Chan) ==
* no updates
* work week is happening in SF this week
==Thunderbird (Adam Muntner) ==
==Rust (Jesse Ruderman) ==
==Mobile (Mark Goodwin) ==
* No update
==Sync  (Simon Bennetts) ==
==Services (Simon Bennetts & Adam Muntner) ==
==Jetpack, Add-on SDK, Add-on Builder (Dan Veditz) ==
==JS (Christian Holler) ==
* Testing ARMv6 now (virtually), but possibly ARMv6 JIT will be disabled soon anyway
==DOM, XPConnect (Jesse Ruderman) ==
* bz fixed https://bugzilla.mozilla.org/show_bug.cgi?id=807222, which should help the DOM fuzzer find APIs to fuzz :)
==Layout, Style (Jesse Ruderman) ==
==Automation Tools (Gary Kwong) ==
* No update
==Web Developer Tools (Mark Goodwin) ==
* Chrome debugging! Very exciting, have a play.
** Not (quite) there on Android, but still useful on Desktop
== Networking (Christoph Diehl) ==
* Finished IPC fuzzing for Q4
== Graphics (Christoph Diehl) ==
* Resumed WebGL fuzzing with llvmpipe in Linux VM
* Added tiny FTP response fuzzer
* Looking into G.711/PCM
* OMX decoder list: https://etherpad.mozilla.org/omx
== Networking (Media / Codecs) ==
== Market (Raymond Forbes) ==
==Firefox APIs (Raymond Forbes) ==
==Payment Flow (Raymond Forbes) ==
==Dynamic API Security Model (Raymond Forbes) ==
==WebRT (Raymond Forbes) ==
==BrowserID ==
== Identity Services (David Chan) ==
==Addons.M.O (Raymond Forbes) ==
==Bugzilla.M.O (Mark Goodwin & Eric Parker) ==
* No update
==Mozillians (Raymond Forbes) ==
==MDN (Raymond Forbes) ==
==SUMO (Kitsune) () ==
== AddressSanitizer (Christian Holler) ==
==Minion (Simon, Stefan, Matt)==
* Working demo running
* Plugins!

Latest revision as of 21:58, 6 November 2012


  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Security Review Status (koenig)

Operations Security Update (Joe Stevensen)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

  • no updates
  • work week is happening in SF this week

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

  • No update

Sync (Simon Bennetts)

Services (Simon Bennetts & Adam Muntner)

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

  • Testing ARMv6 now (virtually), but possibly ARMv6 JIT will be disabled soon anyway

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

  • No update

Web Developer Tools (Mark Goodwin)

  • Chrome debugging! Very exciting, have a play.
    • Not (quite) there on Android, but still useful on Desktop

Networking (Christoph Diehl)

  • Finished IPC fuzzing for Q4

Graphics (Christoph Diehl)

Networking (Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

  • No update

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()

AddressSanitizer (Christian Holler)

Minion (Simon, Stefan, Matt)

  • Working demo running
  • Plugins!