SecurityEngineering/2014/Q2Goals

From MozillaWiki
Revision as of 20:30, 14 April 2014 by Sidstamm


This is a heavy-Implement quarter (as opposed to the other strategic actions in our SecurityEngineering/Strategy).

(Also linked from Platform/2014-Q2-Goals#Security_.26_Privacy)

Web Platform Security

Outcome
Faster, more correct web platform security feature/tool roll-out (plus, easier maintenance!)
Who
tanvi, ckerschb, grobinson, sstamm, rbarnes
  • [NEW] plan out replacement for nsIContentPolicy and start executing (the Sicking project) [dri=tanvi, a=ckerschb]
    • and maybe lift out secureUIimpl stuff?
  • [ON TRACK] Make new CSP parser on by default in nightly [dri=ckerschb, a=grobinson,sstamm]
  • [ON TRACK] Land WebCrypto [dri=rbarnes] bug 865789

Secure Client Platform

Outcome
Incremental progress towards containing unprivileged code to minimize risk due to vulnerabilities
Who
bobowen, sstamm, tabraldes
  • [NEW] Get open.h264 plugin sandboxed on Windows [dri=sstamm, a=tabraldes]
  • [CARRY OVER] something about sandboxing logging [dri=bobowen, a=sstamm,tabraldes]

Secure Communications

Outcome
More correct cert validation and a way to detect MITM of at least one site (via pinning)
Who
keeler, cviecco, mmc, kathleen
  • [CARRY OVER] Land key pinning [dri=cviecco, a=keeler,mmc]
  • [NEW] mozilla::pkix on by default, (riding the train to) / (targeting a) release [dri=keeler, a=cviecco]
  • [NEW] BONUS: Deploy UI for cert error reporting [dri=kathleen]

Tracking Protection / Privacy

Outcome
Prepare Lightbeam for user study on tracking protection
Who
mmc, grobinson