Security/B2G/2013 4 10


FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room

Prior notes are here:


  • Sandboxing now a big priority in the project
  • Secure development guidelines:
  • CR going to be working with marketplace to help reviewers find these (^^) things
  • Finalising goals for Q2
  • CSP 1.0 is landing, will impact Firefox OS certified apps. Working with gaia team to solve issues.

Goals


Bigger Plan - 12 month items

  • Drive key security controls (sandboxing, permissions improvements, harden APIs etc)
  • Security Certification/Specification for Firefox OS (define what it means to be a Firefox OS device)
  • Publicly capture security model, details, permission models
  • Outreach efforts on Firefox OS security

Things we always do

  • Platform Security Reviews
  • App Security Reviews (Gaia & partner apps shipped with phone)
  • Design assurance/guidance on new security features


  • FirefoxOS related security reviews
  • Develop and land tests for security features
  • Bug Bounty defined and ready to launch
  • Drive key security changes
  • Compile Firefox OS issue register
  • Continue to document Firefox OS Security
  • Document update schedule


Current/upcoming Reviews

Goal Status Updates

1. FirefoxOS related security reviews (owner: pauljt)

2. Document Firefox OS Security (owner: dchan)

No update

3. Develop and land tests for security features (owner: dchan)

Follow status here

APIs changing in future (null on no permission, undefined for unsupported)

4. Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)

-- any ctf news? <-- on hold :(

5. Drive OS-layer security improvement (owner: kang)

   got a kernel working on the unagi
   got seccomp on the unagi kernel
   openssl enc -d -aes-256-cbc -in unagi_seccomp_1.tar.gz.enc
   alula morning table guitar elephant mustard
   getting a keon this week for similar purposes ;-)
   sandbox discussions everywhere!

6. Secure app developer/reviewer guidelines/tools (owner: rforbes)

Other Items