SecurityEngineering/2013: Difference between revisions

Latest revision as of 18:34, 19 June 2013

Working towards our team Strategy, this is what we will work towards in 2013.

Make Firefox More Secure

Evangelism: Larissa's airmo talk on secure UX design was picked up by chromium
Implement: Sandboxing on Linux and E10S (bug 653064)
Implement: Click-To-Play plugins for Firefox (bug 738698)
Implement/Evangelize: CSP 1.0 for Firefox platform (bug 663566)
Implement/Evangelize: Mixed Content Blocker (bug 815321)
Implement: Application Reputation (anti-malware) (bug 662819)
Implement/Evangelize: Site security error reporting (web console) bug 863874

Build Security and Privacy into Mobile

Consult: B2G App Security Model
Implement: CSP for apps on B2G (bug 773891)
Implement: App signing for marketplace/B2G (bug 772365)

Improve User Control Over How Their Information is Shared and Used

Implement/Evangelize: Third Party Cookie blocking bug 818430, though evolving, will improve control
Research: Collusion project improved transparency and generated buzz
Research: DNT statistics made available by the web
Research: Contextual identity work. (Blushproof, paper)
Consult: Cookie Clearinghouse

Build Security into Web Communications

Research: Web Crypto
Implement: Certificate Revocation upgrades
Implement: Rewrite certificate verification library (bug 878932)
Implement: Certificate key pinning (bug 744204)
Research/Evangelize/Implement: Certificate Policy to raise the bar on intermediate CAs
Research/Implement: Password Knight
Research/Implement: Certificate error reporting

@@ Line 1: / Line 1: @@
-__NOTOC__
 Working towards our team [[SecurityEngineering/Strategy|Strategy]], this is what we will work towards in 2013.
@@ Line 8: / Line 7: @@
 * Implement/Evangelize: CSP 1.0 for Firefox platform ({{bug|663566}})
 * Implement/Evangelize: Mixed Content Blocker ({{bug|815321}})
+* Implement: Application Reputation (anti-malware) ({{bug|662819}})
+* Implement/Evangelize: Site security error reporting (web console) {{bug|863874}}
 == Build Security and Privacy into Mobile ==
 * Consult: [[Apps/Security|B2G App Security Model]]
 * Implement: CSP for apps on B2G ({{bug|773891}})
+* Implement: App signing for marketplace/B2G ({{bug|772365}})
 == Improve User Control Over How Their Information is Shared and Used ==
@@ Line 17: / Line 19: @@
 * Research: [http://www.mozilla.org/en-US/collusion/ Collusion project] improved transparency and generated buzz
 * Research: [https://dnt-dashboard.mozilla.org DNT statistics] made available by the web
+* Research: [[Security/Contextual_Identity_Project|Contextual identity]] work. (Blushproof, paper)
+* Consult: Cookie Clearinghouse
 == Build Security into Web Communications ==
 * Research: Web Crypto
 * Implement: Certificate Revocation upgrades
+* Implement: Rewrite certificate verification library ({{bug|878932}})
+* Implement: Certificate key pinning ({{bug|744204}})
+* Research/Evangelize/Implement: [https://wiki.mozilla.org/CA:CertificatePolicyV2.1 Certificate Policy] to raise the bar on intermediate CAs
+* Research/Implement: [https://addons.mozilla.org/en-US/firefox/addon/password-knight/ Password Knight]
+* Research/Implement: [[Security/Features/SSL_Error_Reporting|Certificate error reporting]]