Security/Meetings/SecurityAssurance/2012-04-03

  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

  • Welcome Michael Henry
  • update on tag merger (curtisk)
    • possible issue with information leakage: https://bugzilla.mozilla.org/describekeywords.cgi reveals accurate counts
      • Maybe this isn't a big deal, because sec-critical covers multiple products and services
        • But csec-buffer-overrun doesn't quite as much...
      • Maybe this isn't really a change, because you could always calculate the difference between "assertion" and "crash" keyword counts and visible bugs in queries
      • Maybe this isn't a big deal, because you could always figure out what the numbers were two months ago, and assume today isn't much different.
      • Maybe we should chat with PR about this.
  • Q2 goals
    • skipping due to confusion over which list of goals is the "real" one, and we're missing mcoates
  • https://wiki.mozilla.org/Security/Reviews/WebRT was interesting

second half

Project updates

JavaScript

  • [decoder] JSBugMon - Script that can automatically reproduce JS engine bugs from the bug report. Can verify security bugs, reconfirm or close open bugs, etc. https://github.com/mozilla/JSBugMon