« previous week | index | next week »

• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
• Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
• Phone (Toronto): 416 848 3114 x92 Conf: 95316#
• Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Contents 1 Agenda 2 Planned Blog Posts 3 Speaking Engagements 4 Security Review Status (curtisk) 5 Operations Security Update (Joe Stevensen) 6 Project Updates 6.1 Silent updates (rforbes / dveditz) 6.2 B2G (Paul Theriault, David Chan) 6.3 Thunderbird (Adam Muntner) 6.4 Rust (Jesse Ruderman) 6.5 Mobile (Mark Goodwin) 6.6 Sync (Simon Bennetts) 6.7 Services (Simon Bennetts & Adam Muntner) 6.8 Jetpack, Add-on SDK, Add-on Builder (Dan Veditz) 6.9 JS (Christian Holler) 6.10 DOM, XPConnect (Jesse Ruderman) 6.11 Layout, Style (Jesse Ruderman) 6.12 Automation Tools (Gary Kwong) 6.13 Web Developer Tools (Mark Goodwin) 6.14 Networking (Christoph Diehl) 6.15 Media / Graphics (Christoph Diehl) = 6.16 Peach (Christoph Diehl / Raymond Forbes) = 6.17 Market (Raymond Forbes) 6.18 Firefox APIs (Raymond Forbes) 6.19 Payment Flow (Raymond Forbes) 6.20 Dynamic API Security Model (Raymond Forbes) 6.21 WebRT (Raymond Forbes) 6.22 BrowserID 6.23 Identity Services (David Chan) 6.24 Addons.M.O (Raymond Forbes) 6.25 Bugzilla.M.O (Mark Goodwin & Eric Parker) 6.26 Mozillians (Raymond Forbes) 6.27 MDN (Raymond Forbes) 6.28 SUMO (Kitsune) () 6.29 AddressSanitizer (Christian Holler)

Agenda

• Goals - Please keep status up to date - /ccc?key=0AmLct3lOMM6ZdEI4SlE0eGRWdkN5bXBpbV8wcjNzNUE Google Doc
• Metrics
  • Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
  • https://security-review-statistics.vcap.mozillalabs.com/
• Team Meetup
  • We have community spots - need 2 people nominated
• [cdiehl] FruitFarm demo
  • Web app that manages cdiehl's slice of the fuzzing farm
  • Lets you choose which fuzzers to run how often, see stack traces, etc
• [mgoodwin] MoFoDev
• [gkw] CanSecWest / BSides
• [psiinon] ZAP 2.0.0 - release tomorrow?

Planned Blog Posts

• https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c

Speaking Engagements

https://wiki.mozilla.org/Security/Talks https://developer.mozilla.org/en-US/events

• (Who) : Date: Name of Event : Talk Title: Link
• Simon Bennetts : Feb 2-3 : FOSDEM : Talking about ZAP :)
• Raymond Forbes : Feb 27 - March 2 : Nullcon : Bug Bounty Programs

Security Review Status (curtisk)

---

//--------

|All new stats:| \0/ st3fan

---

//--------

https://security-review-statistics.vcap.mozillalabs.com/

Operations Security Update (Joe Stevensen)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

• Several other people are interested in having a QuickCheck for testing Rust libraries :)
• Debate over where to enforce safety in "for" loops: https://github.com/mozilla/rust/issues/4654

Mobile (Mark Goodwin)

• No update

Sync (Simon Bennetts)

Services (Simon Bennetts & Adam Muntner)

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

• No update

Web Developer Tools (Mark Goodwin)

• Ivan making good progress on taint

Networking (Christoph Diehl)

Media / Graphics (Christoph Diehl) =

Peach (Christoph Diehl / Raymond Forbes) =

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

• No update

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()

AddressSanitizer (Christian Holler)