Security/B2G/2013 5 5
From MozillaWiki
Contents
- 1 FirefoxOS Security Team Meeting
- 1.1 News
- 1.2 Weekly goals
- 1.3 Goal Status Updates
- 1.3.1 FirefoxOS related security reviews (pauljt)
- 1.3.2 Develop and land tests for security features (dchan)
- 1.3.3 Bug Bounty defined and ready to launch (freddyb)
- 1.3.4 Compile Firefox OS issue register (pauljt)
- 1.3.5 Continue to document Firefox OS Security (pauljt)
- 1.3.6 Document Update schedule & incident response procedure (pauljt)
- 1.3.7 Firefox OS Sandboxing (kang)
- 1.3.8 Malware Defense (cr)
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_4_29
News
[cr] https://mana.mozilla.org/wiki/display/~cruetten@mozilla.com/TrustZone
DT interested in helping implement things
supervisor process
fuzzing discussion with cdiehl (should join our meeting?)
marta might join weekly meeting next week (or weeks)
(Who/What is DT? Link?) DeutscheTelekom Partners.
Weekly goals
Last Week: [pt] Review of gaia 1.0.1 [pt]SMS App review complete [pt] lots of encryption reading [pt] reviewing buri device [pt] ruxmon slides, demos etc. Current: [dc] take over some of paul's reviews [fb] bugbounty discussions, at least 1 review item [cr] get involved with mutimarket / metamarket
Goal Status Updates
- Q2 Review target: https://wiki.mozilla.org/Security/B2G/Reviews
- SMS app done
Develop and land tests for security features (dchan)
- tests landed on moz-central!
- follow-up tests - some permission APIs not testable/new APIs
Bug Bounty defined and ready to launch (freddyb)
minor updates
get dans updates [action item freddy: poke dveditz, mcoates]
Compile Firefox OS issue register (pauljt)
Continue to document Firefox OS Security (pauljt)
https://bugzilla.mozilla.org/show_bug.cgi?id=876396
Document Update schedule & incident response procedure (pauljt)
no update
Firefox OS Sandboxing (kang)
DT working on supervisor
met with marta on video
Cleaned up task items
https://wiki.mozilla.org/B2G/Architecture/System_Security
Sandboxing defined on MDN
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/System_security
Malware Defense (cr)
[cr] help offered by cryptographer, how to involve him?
no malware update