SecurityEngineering/2014/Q2Goals

From MozillaWiki

< SecurityEngineering

Revision as of 15:44, 17 June 2014 by Sidstamm (talk | contribs) (→‎Secure Communications:)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

This is a heavy-Implement quarter (as opposed to the other strategic actions in our SecurityEngineering/Strategy).

(Also linked from Platform/2014-Q2-Goals#Security_.26_Privacy)

Web Platform Security

Outcome: Faster, more correct web platform security feature/tool roll-out (plus, easier maintenance!)
Who: tanvi, ckerschb, grobinson, sstamm, rbarnes

[ON TRACK] Consult/Research: plan out replacement for nsIContentPolicy and start executing (the Sicking project) [dri=tanvi, a=ckerschb]
- and maybe lift out secureUIimpl stuff?
[ON TRACK] Implement: Make new CSP parser on by default in nightly [dri=ckerschb, a=grobinson,sstamm]
[DONE] Implement: Land WebCrypto [dri=rbarnes] bug 865789

Secure Client Platform

Outcome: incremental progress towards containing unprivileged code to mimize risk due to vulnerabilities
Who: bobowen, sstamm, tabraldes

[NEW] Implement: Get open.h264 plugin sandboxed on windows [dri=sstamm, a=tabraldes]
[DROPPED] Get some tests on TBPL running with sandbox [dri=bobowen, a=sstamm,tabraldes] (Dropped due to complications in getting even e10s in windows running on TBPL, in favor of warn-only mode goal below)
[ON TRACK] Create warn-only mode for sandbox in windows builds so developers can see what *will* break before it does [dri=bobowen, a=sstamm]

Secure Communications:

Outcome: More correct cert validation and way to detect MITM of at least one site (via pinning)
Who: keeler, cviecco, mmc, kathleen

[DONE] Implement: Land key pinning [dri=cviecco, a=keeler,mmc]
- See dashboard: http://people.mozilla.org/~mchew/pinning_dashboard/
[DONE] Implement/Evangelize mozilla::pkix on by default, (riding the train to) / (targeting a) release [dri=keeler, a=cviecco]
[AT RISK] Implement: BONUS: Deploy UI for cert error reporting [dri=grobinson]

Tracking Protection / Privacy

Outcome: prepare Lightbeam for user study on tracking protection
Who: mmc, grobinson

[ON TRACK] Implement/Research: Get through the next 2 releases (1.0.10 and 1.0.11) of Lightbeam: https://github.com/mozilla/lightbeam/issues/milestones towards the goal of conducting a small user study on tracking protection [dri=mmc, a=grobinson]

Retrieved from "https://wiki.allizom.org/index.php?title=SecurityEngineering/2014/Q2Goals&oldid=989711"