Security/B2G/2014 1 29

From MozillaWiki
< Security‎ | B2G
Jump to: navigation, search

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_12_17

Agenda Items

[arroway] NFC workweek

* that was a planning workweek to decide of a common roadmap for NFC Payment
* developper signature for apps (UICC access control
* UI stuff

News

New roadmap: https://wiki.mozilla.org/Security/Roadmap Reviews - Where's my fox - Inter-app communication (omerta) - Support delivery reports (919977) - Firefox OS Accounts (incl. 935232) Review Triage - OMA-push - Send MMS to email (840515) - Emoji support in SMS - MAC address based firewall (e.g. iptables) & its corresponding API for Gaia < is that for adb/debugging over wifi? (firewalling based on mac addresses is useless) - Expose a server TCP socket API to web applications - dhcpd & admission control, & corresponding API for Gaia - NFC payments? < no code yet Hardening: https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdG5SMFJIckJBNnJfNlJHWUtLZFBMN3c#gid=0 Goals: What are our overall objectives? 1. Provide b2g security assurance

   Catching security oversights
   Identifying and promoting good security practices (consistency, patterns and practices)
   closing the bug loop, pushing bugs to completion
   incident management
   embedding/team support/security guidance

2. Push security feature development

   Identify and drive security features on the program
   hacking on features
   co-ordinating/encouraging community contributions

Notes

  • Goals

kang: i added some doc for seccomp. i feel like my mdn doc is in wikimo and vice versa. But meh. https://wiki.mozilla.org/Security/Sandbox/Seccomp - hopefully it helps to understand the technical details Wanna help sandbox? Pick your favorite bug https://bugzilla.mozilla.org/show_bug.cgi?id=929277 -> possibility to reach out and get community contributions? (freddy asks) if possible, thatd be cool

Previous Action Items

New Action Items

Goal Status Updates

Other stuff