{{SecAssuranceMeetingInfo}}
{{TOC right}}
=Agenda=
* Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdEI4SlE0eGRWdkN5bXBpbV8wcjNzNUE
* Metrics
** https://security-review-statistics.vcap.mozillalabs.com/
** Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
* Friday is a holiday in Canada and Germany has Friday and Monday off
** UK too - yep
* AMA tomorrow - https://etherpad.mozilla.org/security-ama
** Starts at 6:00 PDT
* parker etd apr12th
=Upcoming Speaking Engagements=
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
* [psiinon] March 28 OWASP LatAm Q&A
* [psiinon] March 28 pauldotcom interview?++
* [psiinon] April 3 OWASP LatAm Q&A
* [mgoodwin] April 10 - Sheffield Hallam University - guest lecture to sec. and software engineering undergrads (The Trouble with Passwords - or, Why you should use Persona)
=Planned Blog Posts=
* https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
=Security Review Status (curtisk)=
* Completed in Q4 2012: 50 << 63 this Quarter (Q1-2013)
https://security-review-statistics.vcap.mozillalabs.com/weekly
=Operations Security Update (Joe Stevensen)=
=Project Updates=
Please add your name to the update so we know who to follow up with
== Firefox Desktop ==
== Firefox Mobile ==
== Firefox OS ==
* packaged app origins (bug 852720)
** current postMessage auth flow is insecure due to unknown origins
** "origins" may not match up with domain manifest / app is served from
** proposed solutions
*** special app://<uri>
*** sign apps with origin field
== Firefox Core ==
* [decoder] JS Fuzzing for bug 837312 (requested)
* [decoder, gkw] Bug 829602 (ParallelArray self-hosting) regressed m-c in several ways, bugs filed
** Bug 854807 also caused recent instability
== MarketPlace ==
== Web Apps ==
== Services ==
== Operation Security ==