Security/Meetings/SecurityAssurance/2013-03-26
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdEI4SlE0eGRWdkN5bXBpbV8wcjNzNUE
- Metrics
- https://security-review-statistics.vcap.mozillalabs.com/
- Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
- Friday is a holiday in Canada and Germany has Friday and Monday off
- UK too - yep
- AMA tomorrow - https://etherpad.mozilla.org/security-ama
- Starts at 6:00 PDT
- parker etd apr12th
Upcoming Speaking Engagements
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
- [psiinon] March 28 OWASP LatAm Q&A
- [psiinon] March 28 pauldotcom interview?++
- [psiinon] April 3 OWASP LatAm Q&A
- [mgoodwin] April 10 - Sheffield Hallam University - guest lecture to sec. and software engineering undergrads (The Trouble with Passwords - or, Why you should use Persona)
Planned Blog Posts
Security Review Status (curtisk)
- Completed in Q4 2012: 50 << 63 this Quarter (Q1-2013)
https://security-review-statistics.vcap.mozillalabs.com/weekly
Operations Security Update (Joe Stevensen)
Project Updates
Please add your name to the update so we know who to follow up with
Firefox Desktop
Firefox Mobile
Firefox OS
- packaged app origins (bug 852720)
- current postMessage auth flow is insecure due to unknown origins
- "origins" may not match up with the domain the manifest / app is served from
- proposed solutions
- special app://<uri>
- sign apps with origin field
Firefox Core
- [decoder] JS Fuzzing for bug 837312 (requested)
- [decoder, gkw] Bug 829602 (ParallelArray self-hosting) regressed m-c in several ways, bugs filed
- Bug 854807 also caused recent instability