Security/B2G/2013 4 23
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room
Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_4_17
News
- webrtc
- mozContacts bugs
  - https://bugzilla.mozilla.org/show_bug.cgi?id=853709
  - https://bugzilla.mozilla.org/show_bug.cgi?id=856042
Current/upcoming Reviews
Goal Status Updates
FirefoxOS related security reviews (pauljt)
- Q2 Review target: https://wiki.mozilla.org/Security/B2G/Reviews - anything missing?
Develop and land tests for security features (dchan)
no update
Bug Bounty defined and ready to launch (freddyb)
went through existing bug bounty faqs, tried answering similar questions for fxos
https://docs.google.com/a/mozilla.com/document/d/1jJRk3BevGhG-WXQK9VvvKBpTEt_qspQkTkm1AyFGBpI/edit
Create Firefox OS Security Feature Tracking & Prioritization (pauljt)
Compile Firefox OS issue register (pauljt)
Continue to document Firefox OS Security (pauljt)
no update
Document Update schedule & incident response procedure (pauljt)
no updates
Firefox OS Sandboxing (kang)
https://docs.google.com/a/mozilla.com/document/d/1U-q5Imm9TjDsoEFzByR_ctFV1Z0MIaQuknfy8rvxeMQ
https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AhL62r-99fkxdHRRZ1pjUTBKeFhHYU5RM2pRcVZSTXc
Marta/DT interested in sandboxing
WebRTC "sandboxing friendly" proposal
https://wiki.mozilla.org/Media/WebRTC/WebRTCE10S
IRC: #boxing on irc.mozilla.org (sandboxing)
Malware Defense Strategy (cr)
- started https://mana.mozilla.org/wiki/display/~cruetten@mozilla.com/Firefox+OS+Malware+Defense+Strategy (work in progress)
- we're now present in the marketplace meetings
- need plan for in-depth malware response at the gonk layer (clean up known malware and backdoors left behind)
- work required towards engaging carriers and branders
- branded firefox os clone as a service for carriers: http://www.net-m.de/en/innovation/innovation-projects/net-m-os/
- problem: security not a priority
- progress on marketplace documentation
- https://etherpad.mozilla.org/mktplaceinfo
- freddyb looked at app-validator, great point for integrating our tools