SecurityEngineering/MeetingNotes/03-15-12
Standing agenda
- Review currently active (P1) features against their established milestones, identify any blockers - https://wiki.mozilla.org/Security/Roadmap + https://wiki.mozilla.org/Privacy/Roadmap
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Upcoming events, OOO/travel, etc.
Thoughts for Goals for Q2
https://intranet.mozilla.org/2012Q2Goals#Security_Engineering
Consider broad impact
John in Chris Beards team - Market research. Compettive picture.
Driving product strategy forward. Develop leadership in new areas. Architecture, initiation.
- B2G - Lucas
https://wiki.mozilla.org/B2G_App_Security_Model
https://wiki.mozilla.org/Apps/Security - Low rights Firefox - Lucas and Ian
- Click to play and blocklisting - Lucas, dolske, jared. Tanvi help with UX (what is the right experience?).
- Land per site third party cookies controls. Collusion also interested in this. (https://wiki.mozilla.org/Privacy/Features/Per-Site_Third-Party_Cookie_Setting) - Sid/Tanvi - nsCookieManager and PermissionsManager. Architecture, UX, Design.
- Changes to DNT - sync with spec- Sid
- SSL work with bsmith?
Security Topics for DevTools Work Week
Topic Mark and I can present for devtools work week. Ideas for Security Developer Tool(s):
- DOMinator
- CSP:
My site looks like this (browse around) what's the most strict CSP policy I can apply?
what do I need to do to my site to implement at CSP policy like this?
Link debugging stuff to CSP errors and warnings. Debugging Violations. - Expose mixed content frames/images/etc.
- Why not getting green/blue bar for certs
- Password field loaded in plaintext
- Dev mode for best practices - out of compliance is highlighted.
Brainstorm
Secure Education via Tools.
Sid Landed https search :)
Yay Sid!