Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
Phone (Toronto): 416 848 3114 x92 Conf: 95316#
Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Q2 Goals - Review - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q2+Goals
- By Friday, we shouldn't have any items listed as "On Track". Everything should be "Done" or "Missed" (or, for projects without an endpoint, "Ongoing").
Q3 Goals Brainstorm - https://security.etherpad.mozilla.org/2012Q3-Goals
August work week schedule/plan? - https://mana.mozilla.org/wiki/display/INFRASEC/2012+Q3+London
- OpSec hosting a gpg key signing party
- OpSec will be with Infra for two days; Then SecAssurance for the other two
- Community Members - send me recommendations -
gkw's proposed brownbag on "Challenges to Mozilla adoption in China"
- Now scheduled for July 11, Wednesday, 12pm Pacific, Ten Forward, Air Mozilla (likely)
Get your airfare for BlackHat (if going) & contact Gurvinder if in the bay area
New hire starting next week - Michal P
Please look at the zero crits proposal, and comment on it today: https://security.etherpad.mozilla.org/No-Shipped-Crits-review

Security Review Status (koenig)

Number of Reviews Completed (so far this quarter): 70 (last week 67)
- https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-review-complete%2C%20;keywords_type=allwords;list_id=2876446;field0-0-0=keywords;type0-0-0=changedafter;value0-0-0=2012.03.31;query_format=advanced = 30 (28)
- https://bugzilla.mozilla.org/buglist.cgi?list_id=2999910;resolution=FIXED;chfieldto=Now;chfield=resolution;query_format=advanced;chfieldfrom=2012-03-31;type0-0-0=anywords;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org = 40 (39)
Number of Outstanding Reviews: 194 (last week 193)
- https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-review-needed%2C%20;query_format=advanced;keywords_type=allwords;list_id=2876531;field0-0-0=product;type0-0-0=notequals;value0-0-0=mozilla.org;resolution=---;resolution=DUPLICATE = 50 (49)
- https://bugzilla.mozilla.org/buglist.cgi?list_id=2999921;query_format=advanced;bug_status=UNCONFIRMED;bug_status=NEW;bug_status=ASSIGNED;bug_status=REOPENED;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org = 144 (144)

Operations Security Update (Joe Stevensen)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

now moving to a packaged format for installed apps (some decision at the work week)

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

dev-servo mailing list has picked up this week

Mobile (Mark Goodwin)

Firefox 14 is out!! Grab it, rate it, tell your friends.
Engineering meeting is happening tomorrow; I'm hoping to attend.

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

Social - Pancake (Mark Goodwin)

Pancake will be submitted for App Store review any time about now; hoping to have a (limited) public release in about 2 weeks.

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

[gkw & Jesse] jsfunfuzz is now running on Releng hardware! \o/
What's the status of Ionmonkey?
- m-c landing apparently delayed for 2-3 more weeks

DOM, XPConnect (Jesse Ruderman)

Aryeh Gregor landed some great changes to Editor that reduce its attack surface: https://bugzilla.mozilla.org/show_bug.cgi?id=760052 and https://bugzilla.mozilla.org/show_bug.cgi?id=766387

Layout, Style (Jesse Ruderman)

[decoder] Control harnesses for domfuzz instances on Tegras now migrated to one of our internal servers and running again.

Automation Tools (Gary Kwong)

No update

Web Developer Tools (Mark Goodwin)

Hackday for GCLI commands is currently in progress. Ideas can be submitted here: https://etherpad.mozilla.org/command-line-hackathon - I think there are loads of things we could do easily that would be useful for security people; the devtools team would really welcome your input.
or, if you'd prefer to write your own (it's easy), the docs start here: https://developer.mozilla.org/en/Tools/GCLI
Also, CSP violations will start appearing soon in the Web Console of a Nightly near you <- actually, it's in inbound now :)

Networking (Christoph Diehl)

No update - working on fuzzer internals

Graphics (Christoph Diehl) =

No update - working on fuzzer internals

Networking ( Media / Codecs)

Market (Raymond Forbes)

payments update

Firefox APIs (Raymond Forbes)

App Sync (David Chan)

no update

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

no update

BrowserID

[yvan] Wide-ranging security review coming up. It will cover EVERYTHING BrowserID.

Security/Meetings/SecurityAssurance/2012-06-26

Contents

Agenda

Security Review Status (koenig)

Operations Security Update (Joe Stevensen)

Project Updates

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

Social - Pancake (Mark Goodwin)

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

Web Developer Tools (Mark Goodwin)

Networking (Christoph Diehl)

Graphics (Christoph Diehl) =

Networking ( Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

App Sync (David Chan)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()

Navigation menu

Search