SecurityEngineering/2015/Q1Goals

From MozillaWiki
< SecurityEngineering
Revision as of 19:13, 16 January 2015 by Sworkman (talk | contribs) (→‎Content Security: Filing in placeholder goal: improving password security)
Jump to navigation Jump to search


DRAFT DRAFT DRAFT DRAFT DRAFT

Content Security

  • [NEW] Warn users about insecure password fields in Dev Edition/Aurora. (dri=tanvi)
    • Figure out if we can display an in-your-face warning for passwords on HTTP pages in Aurora
    • Figure out if we can turn this preference on for Polaris (if not today, then someday in the future)
    • Get UX help to design the warning
    • Start implementing
  • [NEW] REVAMP: Finalize LoadInfo patches for JS/C++ gecko channels . (dri=ckerschb)
  • [NEW] REVAMP: Start implementing the LoadInfo shim for addons. (dri=ckerschb)
  • [NEW] CSP: Prototype CSP devtool that provides suggested policy for page. (dri=ckerschb)
  • [NEW] Land SRI with style support. (dri=francois)
  • [NEW] Propose an approach for adding reporting to SRI. (dri=francois)

Tracking Protection

  • [NEW] Get TP UI enabled in Nightly/Aurora to check webcompat, shake out bugs etc. (dri=mmc)
  • [NEW] Review Referrer Policy. (dri=mmc/sid)
  • [NEW] Start experimenting with Containers for Contextual Identity. (dri=mmc)
  • [NEW] Tor bugs. (dri=sid)
  • [NEW] Blog post for meta referrer. (dri=Sid)

Addon Security

TODO

Communications Security

TODO

QE (tracking)

  • [NEW] Monitor high risk telemetry security probes via the medusa alerting system in m-c (dri=kamil)
  • [NEW] Use the Telemetry prototype to create graphs/monitor high risk security probes via Aurora and BETA. (dri=kamil)
  • [NEW] Create a smoke-level Marionette test for SSL compatibility to be run on Mozmill-CI (dri=mwobensmith)
  • [NEW] Create and stage a web-based SSL site compat tool (dri=mwobensmith)
Retrieved from "https://wiki.allizom.org/index.php?title=SecurityEngineering/2015/Q1Goals&oldid=1048424"