From MozillaWiki
Jump to: navigation, search

[sg:want] detritus (curtisk)

  • (233 bugs at the moment)
  • Triage and pare down this list?
  • There are too many of them and many may be old and no longer valid
  • could be used as a way to engage community in security activities
    • these could be 'good first bug' candidates
  • curtisk & abillings to look at this further

In-browser fuzzers on Android (decoder)

  • Wrote proof-of-concept Python code that can run our in-browser fuzzers (jsfunfuzz, domfuzzer, etc.) on remote Android Hardware in Fennec, if you want to play with this, let me know.

Mozilla CTF (decoder)

openwebapps API permissions (dchan)

services work week (dchan)

  • need more people

Security blog

  • Announcements vs engaging community and security researchers
  • Lucas spoke with Shannon

Team Shuffle (lucas)

  • Security assurance. This group will be responsible for security reviews, testing, and fuzzing of both client apps and web apps (whose boundary is blurring).
    • Managers: coates overall, dveditz for the “mostly app sec” people, and yvan managing the “mostly web app sec” people
  • Security engineering. This group will be responsible for implementing feature roadmaps.
    • Managers: lucas overall, sid (privacy group)
    • Public meetings, IRC, and mailing lists :)
  • “This meeting” goes away? (Nooo :()
  • secteam@ goes away, it's not the right group for any discussions
  • Lucas continues to report to Damon
  • Seating
  • Team Embedding - long term transition
  • mcoates / curtisk taking on privacy reviews and process


  • decoder be in SF from 6th to 11th February \o/
  • curtisk in SF 6-Feb to 11-Feb \o/