Security/Meetings/2012-02-01
Comms (curtisk)
- Gary's fuzzing brown bag was a success. Recording: http://videos.mozilla.org/serv/air_mozilla/public/brownbags/2012_01_30_brownbag_Fuzzing.f4v
- Decoder has his blog post up: http://blog.mozilla.com/decoder/2012/01/27/trying-new-code-analysis-techniques/
- Working on another one now (Android Automation)
- Ian is working on a blog post - draft finished, awaiting some feedback
- need to redo schedule and get the combined team merged in [work week task]
Apps Project
- new form / tracking page
- tracking page: https://wiki.mozilla.org/Security/Reviews/AppsProject
- form: https://wiki.mozilla.org/Form:SecTracker
- working on how-to-use instructions
Travel
- Gary is in Illinois, recruiting
Re-org stuff
- team lists - security-engineering alias, security-assurance alias
- discussion lists - security engineering team should use moz.dev.security, security-group?
- irc - #security-bugbusting <rename to security-private, security-internal?>, #security
- meetings -
- do we want a meeting that's the entire security assurance team, or would the browser and server topics be too disjoint for a meeting to make sense?
- use security review slots for long discussions of specific topics
- seating?
- security review meetings - subscribe to calendar and email curtisk if you want off the direct invite
Offsite
- travel logistics
- carpooling
- topics, schedule, etc (has everyone seen it?)
- Security Engineering team will join us Tuesday (at 11 am) and Wednesday
- Thursday noon meeting - BugHunter. They are also doing it again in Mountain View on Friday.
- Ideas for Tues/Wed topics - roadmap, privacy reviews overview, transition for embedding relationships (https://wiki.mozilla.org/Security/TeamEmbedding - mobile, b2g, devtools)
- Take a look at the roadmaps and see if there is any topic we should discuss together
Making parts of fuzzing repository public (decoder)
- The fuzzing repository contains not only (confidential) fuzzers but also tools built around them.
- We should probably mirror parts into a public repository and try to split public from private stuff as far as possible, so others can profit from the code.