Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
Phone (Toronto): 416 848 3114 x92 Conf: 95316#
Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q3+Goals
NSS meeting regarding telemetry collection on Aug 7/8
- devd is interested in CAs and errors and overriding of errors. bsmith might be interested in protocols.
Black Hat is next week!
- https://wiki.mozilla.org/Security/BlackHat_2012#Attendees
- No milk & cookies this year :( Hopefully next year.
MozCamp Poland
- workshop the day after for regional attendance
- sec add-ons hacking (HITB presentation), CTF event

Security Review Status (koenig)

No metrics -- active discussion about how we should count to make this accurate: https://etherpad.mozilla.org/secreviewmetrics

Completed in Q2 2012:
Number of Reviews Completed (so far this quarter):
Number of Outstanding Reviews:

Operations Security Update (Joe Stevensen)

securing all the things

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

Gaia platform complete target of this friday 220/7
Target to complete all reviews by August 30
Have a play with gaia: https://wiki.mozilla.org/Security/B2G/GaiaTesting
navigator.pay review this Thursday 10 AM Pacific
Features landing thick and fast at the moment
- Status (note which ones are done by feature complete): https://docs.google.com/spreadsheet/ccc?key=0AiBigu584YY7dGlNSlY0QzhJb3M5anRBa1gxalV0Y3c#gid=0

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

No update

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

Services reorg, marketplace and services eng team combining under mmayo

Social - Pancake (Mark Goodwin)

Pancake was rejected from the App Store...

   * Will be resubmitted with some tweaks to make it sound less labsy

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

[decoder] Working on coverage measurements with IonMonkey team, additional tests have been derived already.
[decoder] Running IonMonkey differential testing and ARM testing again

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

Web Developer Tools (Mark Goodwin)

No update

Networking (Christoph Diehl)

No update

Graphics (Christoph Diehl) =

Fuzzing ImageLib because of some recent regressions - only hitting the same bugs
Added code generator for OpenGL ES - rewrite from JS to Py3

Security/Meetings/SecurityAssurance/2012-07-17

Contents

Agenda

Security Review Status (koenig)

Operations Security Update (Joe Stevensen)

Project Updates

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

Social - Pancake (Mark Goodwin)

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

Web Developer Tools (Mark Goodwin)

Networking (Christoph Diehl)

Graphics (Christoph Diehl) =

Networking ( Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

App Sync (David Chan)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()

Navigation menu

Search