Security/B2G/2013 6 5

From MozillaWiki

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room

Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_4_29

News

   [cr] https://mana.mozilla.org/wiki/display/~cruetten@mozilla.com/TrustZone
   DT interested in helping implement things
   supervisor process
   fuzzing discussion with cdiehl (should join our meeting?)
   marta might join weekly meeting next week (or weeks)

(Who/What is DT? Link?) Deutsche Telekom Partners.

Weekly goals

Last Week:

   [pt] Review of gaia 1.0.1
   [pt] SMS App review complete
   [pt] lots of encryption reading
   [pt] reviewing buri device
   [pt] ruxmon slides, demos etc.

Current:

   [dc] take over some of paul's reviews
   [fb] bugbounty discussions, at least 1 review item
   [cr] get involved with multimarket / metamarket

Goal Status Updates

FirefoxOS related security reviews (pauljt)

Develop and land tests for security features (dchan)

  • tests landed on moz-central!
  • follow-up tests - some permission APIs not testable/new APIs

Bug Bounty defined and ready to launch (freddyb)

   minor updates
   get dan's updates [action item freddy: poke dveditz, mcoates]

Compile Firefox OS issue register (pauljt)

Continue to document Firefox OS Security (pauljt)

https://bugzilla.mozilla.org/show_bug.cgi?id=876396

Document Update schedule & incident response procedure (pauljt)

no update

Firefox OS Sandboxing (kang)

   DT working on supervisor
   met with marta on video
   Cleaned up task items
   https://wiki.mozilla.org/B2G/Architecture/System_Security
   Sandboxing defined on MDN
   https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/System_security

Malware Defense (cr)

   [cr] help offered by cryptographer, how to involve him?
   no malware update