SecurityEngineering/2013: Difference between revisions

Working towards our team Strategy, this is what we will work towards in 2013.

Make Firefox More Secure

• Evangelism: Larissa's airmo talk on secure UX design was picked up by chromium
• Implement: Sandboxing on Linux and E10S (bug 653064)
• Implement: Click-To-Play plugins for Firefox (bug 738698)
• Implement/Evangelize: CSP 1.0 for Firefox platform (bug 663566)
• Implement/Evangelize: Mixed Content Blocker (bug 815321)
• Implement: Application Reputation (anti-malware) (bug 662819)
• Implement/Evangelize: Site security error reporting (web console) bug 863874

Build Security and Privacy into Mobile

• Consult: B2G App Security Model
• Implement: CSP for apps on B2G (bug 773891)
• Implement: App signing for marketplace/B2G (bug 772365)

Improve User Control Over How Their Information is Shared and Used

• Implement/Evangelize: Third Party Cookie blocking bug 818430, though evolving, will improve control
• Research: Collusion project improved transparency and generated buzz
• Research: DNT statistics made available by the web
• Research: Contextual identity work. (Blushproof, paper)
• Consult: Cookie Clearinghouse

Build Security into Web Communications

• Research: Web Crypto
• Implement: Certificate Revocation upgrades
• Implement: Rewrite certificate verification library (bug 878932)
• Implement: Certificate key pinning (bug 744204)
• Research/Evangelize/Implement: Certificate Policy to raise the bar on intermediate CAs
• Research/Implement: Password Knight
• Research/Implement: Certificate error reporting