SecurityEngineering/2013: Difference between revisions

 
(5 intermediate revisions by one other user not shown)
Line 1: Line 1:
__NOTOC__
Working towards our team [[SecurityEngineering/Strategy|Strategy]], this is what we will work towards in 2013.
Working towards our team [[SecurityEngineering/Strategy|Strategy]], this is what we will work towards in 2013.


Line 8: Line 7:
* Implement/Evangelize: CSP 1.0 for Firefox platform ({{bug|663566}})
* Implement/Evangelize: CSP 1.0 for Firefox platform ({{bug|663566}})
* Implement/Evangelize: Mixed Content Blocker ({{bug|815321}})
* Implement/Evangelize: Mixed Content Blocker ({{bug|815321}})
* Implement: Application Reputation (anti-malware) ({{bug|662819}})
* Implement/Evangelize: Site security error reporting (web console) {{bug|863874}}


== Build Security and Privacy into Mobile ==
== Build Security and Privacy into Mobile ==
* Consult: [[Apps/Security|B2G App Security Model]]
* Consult: [[Apps/Security|B2G App Security Model]]
* Implement: CSP for apps on B2G ({{bug|773891}})
* Implement: CSP for apps on B2G ({{bug|773891}})
* Implement: App signing for marketplace/B2G ({{bug|772365}})


== Improve User Control Over How Their Information is Shared and Used ==
== Improve User Control Over How Their Information is Shared and Used ==
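Review bot: The added "Site security error reporting (web console) {{bug|863874}}" entry leaves its bug template outside parentheses, while the other entries in this hunk that carry a bug write it as "({{bug|...}})". Wrap it as "({{bug|863874}})" so the list reads consistently and the parenthetical "(web console)" is not mistaken for the bug reference.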
Line 17: Line 19:
* Research: [http://www.mozilla.org/en-US/collusion/ Collusion project] improved transparency and generated buzz
* Research: [http://www.mozilla.org/en-US/collusion/ Collusion project] improved transparency and generated buzz
* Research: [https://dnt-dashboard.mozilla.org DNT statistics] made available by the web
* Research: [https://dnt-dashboard.mozilla.org DNT statistics] made available by the web
* Research: [[Security/Contextual_Identity_Project|Contextual identity]] work. (Blushproof, paper)
* Consult: Cookie Clearinghouse


== Build Security into Web Communications ==
== Build Security into Web Communications ==
* Research: Web Crypto
* Research: Web Crypto
* Implement: Certificate Revocation upgrades
* Implement: Certificate Revocation upgrades
* Implement: Rewrite certificate verification library ({{bug|878932}})
* Implement: Certificate key pinning ({{bug|744204}})
* Research/Evangelize/Implement: [https://wiki.mozilla.org/CA:CertificatePolicyV2.1 Certificate Policy] to raise the bar on intermediate CAs
* Research/Implement: [https://addons.mozilla.org/en-US/firefox/addon/password-knight/ Password Knight]
* Research/Implement: [[Security/Features/SSL_Error_Reporting|Certificate error reporting]]
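Review bot: In the added "Contextual identity work. (Blushproof, paper)" entry, the period falls before the parenthetical and "paper" is named without a link, unlike the neighbouring Research entries, which link the artifact they refer to. Drop the period and link the paper if it is public. The added "Consult: Cookie Clearinghouse" entry likewise carries no link or bug reference, so a reader cannot tell what the consultation tracks.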

Latest revision as of 18:34, 19 June 2013

Working towards our team Strategy, this is what we will work towards in 2013.

Make Firefox More Secure

Build Security and Privacy into Mobile

Improve User Control Over How Their Information is Shared and Used

  • Implement/Evangelize: Third Party Cookie blocking bug 818430, though evolving, will improve control
  • Research: Collusion project improved transparency and generated buzz
  • Research: DNT statistics made available by the web
  • Research: Contextual identity work. (Blushproof, paper)
  • Consult: Cookie Clearinghouse

Build Security into Web Communications