Security/Meetings/SecurityAssurance/2012-03-20

  • Time: (Weekly) Tuesday at 13:30 PDT / 16:30 EDT / 21:30 UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Second Half

Project Updates

Static Analyzers

  • Coverity is already scanning Firefox; we are getting access to the results
  • HP is going to induct Firefox (and other stuff) into their Open Scan project

DevTools

  • On the DevTools work week; getting lots of info on product stuff, esp the new debugger. Tanvi and I presented some thoughts on how devtools can help webdevs do the right thing with security - slides here: http://people.mozilla.org/~mgoodwin/devtools_ideas/ - which was well received.

Pancake

  • they want this running for moco users by end of Q1. I'm still doing frontend testing - I have a big TODO list for pancake but even if I find / fix things, it's unlikely they'll be in before the M1 release (moco users).
  • [dchan] there are plans to replace Fx Home with pancake

BrowserQuest

  • for release at the end of this week. I'll be closing out this review tonight. No issues beyond casual cheating (local storage hacks). Game server is far more robust than previously tested versions.

JavaScript

  • [decoder] Started fuzz testing of IonMonkey on ARM architecture (emulated), found some bugs already
  • [decoder] I'd like to have dedicated Linux ARM hardware for JS shell fuzzing (in addition to Android ARM devices)
    • We should have machines that are up-to-date, old NVIDIA Tegra ARM boards are apparently no longer produced
  • [gkw & Jesse] Major revamp of fuzzing harness happening these weeks
    • To prepare for eventual open sourcing of tools
    • Will aid moving jsfunfuzz to releng hardware

Program Management

B2G

  • SMS reviews under way