SecurityEngineering/2013: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (4 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
Working towards our team [[SecurityEngineering/Strategy|Strategy]], this is what we will work towards in 2013. | Working towards our team [[SecurityEngineering/Strategy|Strategy]], this is what we will work towards in 2013. | ||
| Line 9: | Line 8: | ||
* Implement/Evangelize: Mixed Content Blocker ({{bug|815321}}) | * Implement/Evangelize: Mixed Content Blocker ({{bug|815321}}) | ||
* Implement: Application Reputation (anti-malware) ({{bug|662819}}) | * Implement: Application Reputation (anti-malware) ({{bug|662819}}) | ||
* Implement/Evangelize: Site security error reporting (web console) | * Implement/Evangelize: Site security error reporting (web console) {{bug|863874}} | ||
== Build Security and Privacy into Mobile == | == Build Security and Privacy into Mobile == | ||
| Line 20: | Line 19: | ||
* Research: [http://www.mozilla.org/en-US/collusion/ Collusion project] improved transparency and generated buzz | * Research: [http://www.mozilla.org/en-US/collusion/ Collusion project] improved transparency and generated buzz | ||
* Research: [https://dnt-dashboard.mozilla.org DNT statistics] made available by the web | * Research: [https://dnt-dashboard.mozilla.org DNT statistics] made available by the web | ||
* Research: [[Security/Contextual_Identity_Project Contextual identity]] work. (Blushproof, paper) | * Research: [[Security/Contextual_Identity_Project|Contextual identity]] work. (Blushproof, paper) | ||
* Consult: Cookie Clearinghouse | * Consult: Cookie Clearinghouse | ||
| Line 28: | Line 27: | ||
* Implement: Rewrite certificate verification library ({{bug|878932}}) | * Implement: Rewrite certificate verification library ({{bug|878932}}) | ||
* Implement: Certificate key pinning ({{bug|744204}}) | * Implement: Certificate key pinning ({{bug|744204}}) | ||
* Research/Evangelize/Implement: [https://wiki.mozilla.org/CA | * Research/Evangelize/Implement: [https://wiki.mozilla.org/CA:CertificatePolicyV2.1 Certificate Policy] to raise the bar on intermediate CAs | ||
* Research/Implement: [https://addons.mozilla.org/en-US/firefox/addon/password-knight/ Password Knight] | * Research/Implement: [https://addons.mozilla.org/en-US/firefox/addon/password-knight/ Password Knight] | ||
* Research/Implement: [Security/Features/SSL_Error_Reporting Certificate error reporting] | * Research/Implement: [[Security/Features/SSL_Error_Reporting|Certificate error reporting]] | ||
Latest revision as of 18:34, 19 June 2013
Working towards our team Strategy, this is what we will work towards in 2013.
Make Firefox More Secure
- Evangelism: Larissa's airmo talk on secure UX design was picked up by chromium
- Implement: Sandboxing on Linux and E10S (bug 653064)
- Implement: Click-To-Play plugins for Firefox (bug 738698)
- Implement/Evangelize: CSP 1.0 for Firefox platform (bug 663566)
- Implement/Evangelize: Mixed Content Blocker (bug 815321)
- Implement: Application Reputation (anti-malware) (bug 662819)
- Implement/Evangelize: Site security error reporting (web console) bug 863874
Build Security and Privacy into Mobile
- Consult: B2G App Security Model
- Implement: CSP for apps on B2G (bug 773891)
- Implement: App signing for marketplace/B2G (bug 772365)
- Implement/Evangelize: Third Party Cookie blocking bug 818430, though evolving, will improve control
- Research: Collusion project improved transparency and generated buzz
- Research: DNT statistics made available by the web
- Research: Contextual identity work. (Blushproof, paper)
- Consult: Cookie Clearinghouse
Build Security into Web Communications
- Research: Web Crypto
- Implement: Certificate Revocation upgrades
- Implement: Rewrite certificate verification library (bug 878932)
- Implement: Certificate key pinning (bug 744204)
- Research/Evangelize/Implement: Certificate Policy to raise the bar on intermediate CAs
- Research/Implement: Password Knight
- Research/Implement: Certificate error reporting