Security/Meetings/2011-08-25

From MozillaWiki

< Security‎ | Meetings

Jump to: navigation, search

Contents

1 Apps Review
2 App Store (rforbes)
3 Pancake / Firefox Home (imelven)
4 XSS Filter

Apps Review

http://etherpad.mozilla.com:9000/p5sbmv56Fh
working on reconciliation with this and B2G
- Lucas focusing on B2G for now and bsterne for Apps

App Store (rforbes)

https://wiki.mozilla.org/Security/Reviews/AppStore
Working on the data flow
- 2 stores, one for add-ons one for web apps
possible browserID for app-store and AMO
- will wiat for BrowserID until it's out of labs
- browserID also reinvestigating use of Hardware Security Module (HSM)
- AMO power users not allowed to use browser ID initially

== OWASP @ Moz (mcoates)

hosted at MV and broadcast on Air Mozilla tonight @ 18:30 PDT
mcoates giving same talk he gave in Greece recently

Pancake / Firefox Home (imelven)

brown bag on tuesday in SF / in MV in 10 forward @ 1230 pm (internal only)
Sid has been engaged with Privacy conversations
- https://wiki.mozilla.org/Privacy/Reviews/Pancake (in progress, diagrams and risk analysis upcoming)
mgoodwin has filed many sec bugs against the server
dchan and i have looked at the pancake FF addon
imelven has done an initial pass through the iOS app and will follow up with st3fan and mgoodwin

XSS Filter

support for the same headers as used for IE (de-facto standard as chrome/IE)
- our behaves in the same way as webkit
will we implement reports like CSP for blocked content?
- maybe: have not reserached this, so not being used right now, could be a future change

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Meetings/2011-08-25&oldid=343226"