Security/Meetings/SecurityAssurance/2013-04-30
From MozillaWiki
< Security | Meetings | SecurityAssurance
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Introductions - Julien Vehent
- Team meetup - Next week!
- coordinate pick up times https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdGpJcDIwNjZrcklzNE9RamZsQkI3Z0E#gid=4
- Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdHU3a2lJRV8xckZXclZJdkNlN3dUYVE&usp=sharing
- Metrics
- https://security-review-statistics.vcap.mozillalabs.com/
- https://people.mozilla.com/~sarentz/p/dashboard
- Review Security Radar Page - https://wiki.mozilla.org/Security/Radar « still mostly broken due to a wiki-media bug with collapsible items - bug 854395
- [pt] Marketplace Anti-Malware Strategy Strategy: https://mana.mozilla.org/wiki/display/~cruetten@mozilla.com/Firefox+OS+Malware+Defense+Strategy
- Planning for Las Vegas
- Al is coordinating (?)
- Black Hat, DEF CON, BSides (sold out), CodenomiCON (fuzzing)
Upcoming Speaking Engagements
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
- [Curtisk] 18-May MOSSCON http://www.mosscon.org/sessions/security-open
Planned Blog Posts
Security Review Status (curtisk)
- Completed in Q1 2013: 66
https://security-review-statistics.vcap.mozillalabs.com/weekly (26)
Operations Security Update (Joe Stevensen)
Project Updates
Please add your name to the update so we know who to follow up with
Firefox Desktop
Click to play advancing - https://bugzilla.mozilla.org/show_bug.cgi?id=867337
== Fi
Agenda
- Introductions - Julien Vehent
- Team meetup - Next week!
- coordinate pick up times https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdGpJcDIwNjZrcklzNE9RamZsQkI3Z0E#gid=4
- Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdHU3a2lJRV8xckZXclZJdkNlN3dUYVE&usp=sharing
- Metrics
- https://security-review-statistics.vcap.mozillalabs.com/
- https://people.mozilla.com/~sarentz/p/dashboard
- Review Security Radar Page - https://wiki.mozilla.org/Security/Radar « still mostly broken due to a wiki-media bug with collapsible items - bug 854395
- [pt] Marketplace Anti-Malware Strategy Strategy: https://mana.mozilla.org/wiki/display/~cruetten@mozilla.com/Firefox+OS+Malware+Defense+Strategy
- Planning for Las Vegas
- Al is coordinating (?)
- Black Hat, DEF CON, BSides (sold out), CodenomiCON (fuzzing)
Upcoming Speaking Engagements
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
- [Curtisk] 18-May MOSSCON http://www.mosscon.org/sessions/security-open
Planned Blog Posts
Security Review Status (curtisk)
- Completed in Q1 2013: 66
https://security-review-statistics.vcap.mozillalabs.com/weekly (26)
Operations Security Update (Joe Stevensen)
Project Updates
Please add your name to the update so we know who to follow up with
Firrefox Mobile
Firefox OS
Firefox Core
- [decoder] ASan builds are mostly bricked due to NSPR poisoning landing (bug 866525, bug 865921), working on it
- [decoder] ASan + ASM.js incompatiblities resolved but won't be effective until we upgrade Clang
- Should I use locally-built ASan for now? Or disable OdinMonkey?
- When testing the DOM, you might want to just disable OdinMonkey by setting javascript.options.experimental_asmjs to false (it's unlikely that you'll find bugs in there with DOM testing)
- Should I use locally-built ASan for now? Or disable OdinMonkey?
MarketPlace
Marketplace Anti-Malware Strategy Strategy: https://mana.mozilla.org/wiki/display/~cruetten@mozilla.com/Firefox+OS+Malware+Defense+Strategy
Web Apps
MoFoDev and nodejs
Services
Operation Security
Identity
- Mozilla IDP expected to be live for the end of quarter
- PiCL moving forward
