SecurityEngineering/MeetingNotes/03-15-12

< SecurityEngineering‎ | MeetingNotes
Revision as of 23:02, 15 March 2012 by Tanvi (talk | contribs) (Created page with "== Standing agenda == * Review currently active (P1) features against their established milestones, identify any blockers - https://wiki.mozilla.org/Security/Roadmap + https://wi...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Standing agenda

  • Review currently active (P1) features against their established milestones, identify any blockers - https://wiki.mozilla.org/Security/Roadmap + https://wiki.mozilla.org/Privacy/Roadmap
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Upcoming events, OOO/travel, etc.

Thoughts for Goals for Q2

https://intranet.mozilla.org/2012Q2Goals#Security_Engineering

Consider broad impact

John in Chris Beards team - Market research. Compettive picture.

Driving product strategy forward. Develop leadership in new areas. Architecture, initiation.

Security Topics for DevTools Work Week

Topic Mark and I can present for devtools work week. Ideas for Security Developer Tool(s):

  • DOMinator
  • CSP:
    My site looks like this (browse around) what's the most strict CSP policy I can apply?
    what do I need to do to my site to implement at CSP policy like this?
    Link debugging stuff to CSP errors and warnings. Debugging Violations.
  • Expose mixed content frames/images/etc.
  • Why not getting green/blue bar for certs
  • Password field loaded in plaintext
  • Dev mode for best practices - out of compliance is highlighted.

Brainstorm

Secure Education via Tools.

Sid Landed https search :)

Yay Sid!

https://bugzilla.mozilla.org/show_bug.cgi?id=633773