Security/Meetings/SecurityAssurance/2012-11-06

From MozillaWiki

< Security‎ | Meetings‎ | SecurityAssurance

Jump to: navigation, search

« previous week | index | next week »

Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
Phone (Toronto): 416 848 3114 x92 Conf: 95316#
Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Contents

1 Agenda
2 Security Review Status (koenig)
3 Operations Security Update (Joe Stevensen)
4 Project Updates

Agenda

Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/SECURITY/2012+-+Q4+Goals
Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
mgoodwin out Thurs / Fri (OWASP workshop, Limerick)
[curtisk] Security Champions & intros
- https://wiki.mozilla.org/Security/Champions
[mcoates] Project Kick Off Form - https://wiki.mozilla.org/Kick-Off_Form, https://bugzilla.mozilla.org/form.moz-project-review
[mcoates] Firefox OS Update Proposals - https://mana.mozilla.org/wiki/display/SECURITY/FirefoxOS-Updates#FirefoxOS-Updates-Proposals

Security Review Status (koenig)

Completed in Q3 2012: 56
Number of Reviews Completed (so far this quarter):21 (19)
- https://bugzilla.mozilla.org/buglist.cgi?list_id=4619884;resolution=FIXED;chfieldto=2012-12-31;query_format=advanced;chfield=resolution;chfieldfrom=2012-09-30;type0-0-0=anywords;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org
Number of Outstanding Reviews: 144 (142)
- https://bugzil.la/comp%3A%22security%20assurance%3A%20review%20request%22
Number of reviews without risk rating 30 (27)
- https://bugzil.la/component%3A%22Security%20Assurance%3A%20Review%20Request%22%20-sw%3A%22%5Bneeds%20info%5D%22%20-sw%3A%22%5Bscore%3A%22
Number of reviews without deadline set 134 (132)
- https://bugzilla.mozilla.org/buglist.cgi?field0-0-0=cf_due_date;query_format=advanced;resolution=---;type0-0-0=isempty;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org
Find Yours:
- MIssing Risk Rating (Yours)
- Without Deadlin (Yours)

Operations Security Update (Joe Stevensen)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

no updates
work week is happening in SF this week

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

No update

Sync (Simon Bennetts)

Services (Simon Bennetts & Adam Muntner)

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

Testing ARMv6 now (virtually), but possibly ARMv6 JIT will be disabled soon anyway

DOM, XPConnect (Jesse Ruderman)

bz fixed https://bugzilla.mozilla.org/show_bug.cgi?id=807222, which should help the DOM fuzzer find APIs to fuzz :)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

No update

Web Developer Tools (Mark Goodwin)

Chrome debugging! Very exciting, have a play.
- Not (quite) there on android, but still useful on Desktop

Networking (Christoph Diehl)

Finished IPC fuzzing for Q4

Graphics (Christoph Diehl) =

Resumed WebGL fuzzing with llvmpipe in Linux VM
Added tiny FTP response fuzzer
Looking into G.711/PCM
OMX decoder list: https://etherpad.mozilla.org/omx

Networking ( Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

No update

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()

AddressSanitizer (Christian Holler)

Minion (Simon, Stefan, Matt)

Working demo running
Plugins!

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Meetings/SecurityAssurance/2012-11-06&oldid=485542"