canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Meetings/SecurityAssurance/2013-05-14: Difference between revisions
Security/Meetings/SecurityAssurance/2013-05-14 (view source)
Revision as of 21:38, 14 May 2013
, 14 May 2013no edit summary
(Created page with "{{SecAssuranceMeetingInfo}} {{TOC right}}") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{SecAssuranceMeetingInfo}} | {{SecAssuranceMeetingInfo}} | ||
{{TOC right}} | {{TOC right}} | ||
=Agenda= | |||
* Front End/Desktop Work Week (June 24-28) in Toronto | |||
** security Session would be a welcome addition, see Jaws for more info -> "how an exploit can do bad stuff" | |||
* Metro Work Week in Vancouver this week | |||
* JavaScript Work Week this week (May 13 - 17) in Santa Cruz | |||
** [gkw] Jesse and I are joining in the work week tomorrow - back to back work weeks on Wed. | |||
* Release Engineering Work Week (May 20-24) in Sunnyvale. | |||
** [joes] will attend one day or part of | |||
* Category Keywords | |||
** https://wiki.mozilla.org/Security_Severity_Ratings#Group_Keywords | |||
** Whenever a bug is filed or confirmed | |||
** Do this so that we can get metrics | |||
* Team Meetup Survey - 18 responses - more to go | |||
** link in email to team | |||
* Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdHU3a2lJRV8xckZXclZJdkNlN3dUYVE&usp=sharing | |||
** https://mana.mozilla.org/wiki/display/~mcoates@mozilla.com/2013Q2 | |||
* Metrics | |||
** https://security-review-statistics.vcap.mozillalabs.com/ | |||
** https://people.mozilla.com/~sarentz/p/dashboard | |||
=Upcoming Speaking Engagements= | |||
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks ) | |||
* Curtisk - MOSSCON - Security in the Open http://www.mosscon.org/sessions/security-open | |||
* Yvan Boily - RMLL (July 6-23) | |||
* Yvan Boily - AppSecEU | |||
=Planned Blog Posts= | |||
* https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c | |||
=Security Review Status (curtisk)= | |||
* Completed in Q1 2013: 66 | |||
https://security-review-statistics.vcap.mozillalabs.com/weekly = 33 this quarter | |||
=Operations Security Update (Joe Stevensen)= | |||
* OpSec people on PTO this week | |||
* Following up this week on Work week items (policy work, endpoint security, mfa testing) | |||
* Infra is doing HG upgrade in June | |||
* Working on our own Bugzilla OpSec doc so that we are marking bugs with: | |||
** keyworks | |||
** group keywords | |||
** sec ratings | |||
** whiteboard tags | |||
** start/stop dates for secreviews | |||
** (not just WHAT these mean but how/when/why to apply them to a bug. current knowledge is tribal) | |||
=Project Updates = | |||
Please add your name to the update so we know who to follow up with | |||
== Firefox Desktop == | |||
== Firefox Mobile == | |||
== Firefox OS == | |||
* [cr] sideloading / debug mode security discussion started in https://bugzilla.mozilla.org/show_bug.cgi?id=863669 | |||
* [cr] FxOS malware treatment discussion started in https://bugzilla.mozilla.org/show_bug.cgi?id=844227 | |||
* [cr] gonk-level malware detection/removal discussion started in | |||
https://bugzilla.mozilla.org/show_bug.cgi?id=871898 | |||
* [cr] work with zamboni and app validator devs towards implementing permission-based review aids for reviewers | |||
== Firefox Core == | |||
== MarketPlace == | |||
== Web Apps == | |||
== Services == | |||
== Operation Security == | |||