Security/Meetings/SecurityAssurance/2013-01-29
From MozillaWiki
< Security | Meetings | SecurityAssurance
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Goals - Please keep status up to date - /ccc?key=0AmLct3lOMM6ZdEI4SlE0eGRWdkN5bXBpbV8wcjNzNUE Google Doc
- Metrics
- Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
- https://security-review-statistics.vcap.mozillalabs.com/
- Team Meetup
- We have community spots - need 2 people nominated
- [cdiehl] FruitFarm demo
- Web app that manages cdiehl's slice of the fuzzing farm
- Lets you choose which fuzzers to run how often, see stack traces, etc
- [mgoodwin] MoFoDev
- [gkw] CanSecWest / BSides
- [psiinon] ZAP 2.0.0 - release tomorrow?
Planned Blog Posts
Speaking Engagements
https://wiki.mozilla.org/Security/Talks https://developer.mozilla.org/en-US/events
- (Who) : Date: Name of Event : Talk Title: Link
- Simon Bennetts : Feb 2-3 : FOSDEM : Talking about ZAP :)
- Raymond Forbes : Feb 27 - March 2 : Nullcon : Bug Bounty Programs
Security Review Status (curtisk)
//--------
|All new stats:| \0/ st3fan
//--------
https://security-review-statistics.vcap.mozillalabs.com/
Operations Security Update (Joe Stevensen)
Project Updates
Please don't leave blank. Add "No Update" if nothing has changed
Silent updates (rforbes / dveditz)
B2G (Paul Theriault, David Chan)
Thunderbird (Adam Muntner)
Rust (Jesse Ruderman)
- Several other people are interested in having a QuickCheck for testing Rust libraries :)
- Debate over where to enforce safety in "for" loops: https://github.com/mozilla/rust/issues/4654
Mobile (Mark Goodwin)
- No update
Sync (Simon Bennetts)
Services (Simon Bennetts & Adam Muntner)
Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)
JS (Christian Holler)
DOM, XPConnect (Jesse Ruderman)
Layout, Style (Jesse Ruderman)
Automation Tools (Gary Kwong)
- No update
Web Developer Tools (Mark Goodwin)
- Ivan making good progress on taint
Networking (Christoph Diehl)
Media / Graphics (Christoph Diehl) =
Peach (Christoph Diehl / Raymond Forbes) =
Market (Raymond Forbes)
Firefox APIs (Raymond Forbes)
Payment Flow (Raymond Forbes)
Dynamic API Security Model (Raymond Forbes)
WebRT (Raymond Forbes)
BrowserID
Identity Services (David Chan)
Addons.M.O (Raymond Forbes)
Bugzilla.M.O (Mark Goodwin & Eric Parker)
- No update