Security/B2G/2013 2 27

From MozillaWiki
< Security‎ | B2G
Jump to: navigation, search

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_2_20

News

Upcoming features:

Current/upcoming Reviews

Goal Status Updates

1. FirefoxOS related security reviews (owner: pauljt)

Good progress so far, just need to keep pushing - 1 of each per week will get us there, at current rate. https://wiki.mozilla.org/Security/B2G/Reviews

  • Gecko: 17 bugs remaining:

https://bugzilla.mozilla.org/showdependencytree.cgi?id=754730&maxdepth=1&hide_resolved=1

  • Gaia: 9 (or close to 7) bug remaining:

https://bugzilla.mozilla.org/showdependencytree.cgi?id=748190&maxdepth=1&hide_resolved=1 PT- done homescreen & e.me

2. Document Firefox OS Security (owner: dchan)

Draft Plan: https://security.etherpad.mozilla.org/MDN-Firefox-OS [pt] Started the app security page : https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Application_security Note that the permissions page wont need to have the matrix https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model is the https://wiki.mozilla.org/B2G/Architecture/Runtime_Security page, but needs updating

3. Develop and land tests for security features (owner: dchan)

after doco.

4.Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)

Draft Plan: https://etherpad.mozilla.org/foxhunt

   Preliminary list of Tasks finished, lots of open questions still


5. Drive OS-layer security improvement (owner: kang)

Communication to get kernel sources ceased :( New secure adb in Android 4.2.2 http://android-developers.blogspot.com/2013/02/security-enhancements-in-jelly-bean.html Filled bug https://bugzilla.mozilla.org/show_bug.cgi?id=842747

6. Secure app developer/reviewer guidelines/tools (owner: rforbes)

Other Items

App signing: https://etherpad.mozilla.org/dLWLvIJr4o Security Testing Blog Post