From MozillaWiki

Long term goals

2015 Quarterly Planning

Q1 Team Goals

  • Update application security model for FxOS 3.0 (granting of permissions, exposing more APIs, app packaging alternatives)
  • Security Assurance for 2.2 (specifically NFC & Payments)
  • Improving the path for FxOS security contributors
  • Outline encryption feature goals for FxOS 3.0
  • Improved incident response and vulnerability management processes

2014 Quarterly Planning

Q2 Team Goals

  • Define security update & incident response plans
  • Ensure security model supports FxOS 2.0 requirements (e.g. Loop, Haida)
  • Reduce whitelist of dangerous system calls in sandbox implementation

Secondary Goals

  • Roll out marketplace reviewer security training to app reviewers and plan for scaling to meet 2014 Marketplace growth requirements
  • Work with OEMs to ensure partner modifications don’t compromise security
  • Complete security reviews for 2.0 release

Q3 Team Goals

  • Develop security build checklist for OEMs to adopt
  • Launch bug bounty program
  • Drive definition of crypto/key management features for 2.2

Secondary Goals

  • Update, document and publicise security assurance processes to developer teams
  • Improve app review tools based on community feedback
  • Security enhancements to WebIDE/Marketplace
  • Complete security reviews for 2.1 release

Q4 Team Goals

  • Implement process for closing bug loop on lower-risk or non-blocking security issues
  • Remove all high-risk exceptions in sandbox for 2.2
      • Depends on platform & e10s sandboxing progress

Secondary Goals

  • Implement controls to measure OEM compliance with security checklist (from Q3)
  • Ensure we have met Marketplace 2014 growth goals (from Q2)
  • Complete security reviews for 2.2 release