Security/Meetings/SecurityAssurance/2012-09-18

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »
  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Security Review Status (koenig)

  • Completed in Q3 2012:
  • Number of Reviews Completed (so far this quarter):51(36)

https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;chfieldto=Now;chfield=resolution;query_format=advanced;chfieldfrom=2012-06-30;type0-0-0=anywords;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org;list_id=4428359

  • Number of Outstanding Reviews: 144(158)

https://bugzilla.mozilla.org/buglist.cgi?chfieldto=Now;chfield=bug_status;query_format=advanced;bug_status=UNCONFIRMED;bug_status=NEW;bug_status=ASSIGNED;bug_status=REOPENED;component=Security%20Assurance%3A%20Review%20Request;list_id=4428360

Operations Security Update (Joe Stevensen)

No Update

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

  • testing is progressing. We are almost ready to write the dom access tests

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

  • Secreview on Monday for the new updater

Sync (Simon Bennetts & Adam Muntner)

Services (Simon Bennetts & Adam Muntner)

Social - Pancake (Mark Goodwin)

  • No update

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

  • IonMonkey landed \o/
  • [decoder] Fuzzing with --no-ti on x86/ARM to somewhat resemble ARMv6 configuration
    • [gkw] jsfunfuzz already randomly chooses to fuzz w/ --no-ti

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

Web Developer Tools (Mark Goodwin)

  • Secreview soon for HTML Tree Editor (need to schedule)
  • Have been having fun hacking on CSP bits

Networking (Christoph Diehl)

Graphics (Christoph Diehl) =

  • No update

Networking ( Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

  • No updates

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()

AddressSanitizer (Christian Holler)

  • `make check` now green on try
    • \o/
  • Remaining mochitest-1 blocker patch reviewed, landing soon
  • Remaining defects (orange) filed and waiting for fixes