Security/B2G/2013 6 5

From MozillaWiki
< Security‎ | B2G
Jump to: navigation, search

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here:


   DT interested in helping implement things
   supervisor process
   fuzzing discussion with cdiehl (should join our meeting?)
   marta might join weekly meeting next week (or weeks)

(Who/What is DT? Link?) DeutscheTelekom Partners.

Weekly goals

Last Week: [pt] Review of gaia 1.0.1 [pt]SMS App review complete [pt] lots of encryption reading [pt] reviewing buri device [pt] ruxmon slides, demos etc. Current: [dc] take over some of paul's reviews [fb] bugbounty discussions, at least 1 review item [cr] get involved with mutimarket / metamarket

Goal Status Updates

FirefoxOS related security reviews (pauljt)

Develop and land tests for security features (dchan)

  • tests landed on moz-central!
  • follow-up tests - some permission APIs not testable/new APIs

Bug Bounty defined and ready to launch (freddyb)

   minor updates
   get dans updates [action item freddy: poke dveditz, mcoates]

Compile Firefox OS issue register (pauljt)

Continue to document Firefox OS Security (pauljt)

Document Update schedule & incident response procedure (pauljt)

no update

Firefox OS Sandboxing (kang)

   DT working on supervisor
   met with marta on video
   Cleaned up task items
   Sandboxing defined on MDN

Malware Defense (cr)

   [cr] help offered by cryptographer, how to involve him?
   no malware update