Security/Meetings/SecurityAssurance/2012-04-03
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Welcome Michael Henry
- update on tag merger (curtisk)
  - possible issue with information leakage: https://bugzilla.mozilla.org/describekeywords.cgi reveals accurate counts
    - Maybe this isn't a big deal, because sec-critical covers multiple products and services
    - But csec-buffer-overrun doesn't quite as much...
    - Maybe this isn't really a change, because you could always calculate the difference between "assertion" and "crash" keyword counts and visible bugs in queries
    - Maybe this isn't a big deal, because you could always figure out what the numbers were two months ago, and assume today isn't much different.
    - Maybe we should chat with PR about this.
- q2 goals
  - skipping due to confusion over which list of goals is the "real" one, and we're missing mcoates
- https://wiki.mozilla.org/Security/Reviews/WebRT was interesting
second half
Project updates
JavaScript
- [decoder] JSBugMon - Script that can automatically reproduce JS engine bugs from the bug report. Can verify security bugs, reconfirm or close open bugs, etc. https://github.com/mozilla/JSBugMon