• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
• Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
• Phone (Toronto): 416 848 3114 x92 Conf: 95316#
• Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

• Q3 Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdGVNXzUxZkJ0WHJPNG0wMDF3ODF6REE
  • Q3 goals sheet closes on Friday
• Q4 goals
  • https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AthhYg2CqN25dGRDX0ZqTkJ4dTJGWFVyb2RmNTNDbmc
  • Consider that it's a short quarter (summit + holidays)
  • Consider that the recent reorg may change communication between teams
• Metrics
  • https://security-review-statistics.vcap.mozillalabs.com/
  • https://people.mozilla.com/~sarentz/p/dashboard
• open sessions at Summit
  • Security Champs - Brussels: Curtis | Toronto: Yvan (Fri or Sat) |Santa Clara: Rob Fletcher
    • slids: https://people.mozilla.org/~ckoenig/Presentations/SecChamps2013.html
      • also mailed to team alias
    • When is it? link? open session?
      • summit has not given us the times yet
  • https://etherpad.mozilla.org/summit-sec-faqs <- FAQs for summit
• Security/privacy session at Summit
  • Security Review Process - Brussels: Curtis | Toronto:Yvan (Fri or Sat) |Santa Clara: David Chan
    • no slides; just a conversation
    • [yvan|toronto] I will have slides for my session; do we have timings for everything < times for open session are not posted yet - url to slides please? Will have ;) Slides will be ready on Wednesday evening (planning to author on flight / at hotel)
  • Secure coding guidelines (ad hoc - not a 'proper' session) - Brussels: | Toronto: mgoodwin | Santa Clara:
    • Use the guidelines as a crib sheet
• Silisec this Thursday: http://silisec.org/meetup/2013/October/
  • That's just silly!
• [gkw] I'm a Site Host at a location (SC) for Summit - anyone else?
  • Likely doing airport greets (freedom pats?)
• [pt] App Sec USA

https://security.etherpad.mozilla.org/appsec2013

• [gkw] HITB 2013 happening on 16-17 October, freddyb/gkw/mgoodwin will be there
  • mgoodwin planning talk
  • gkw getting phones (I still need to follow up)
  • gkw getting schwag? :)
  • freddy bringing "his" two dev-phones, anything else? can bring stickers, lots of 'em.
    • ORGANISED!!111 :)

https://blog.mozilla.org/security/2013/09/30/hitbsecconf-hackweekday-2013/

HR Questions \o/

• [decoder] How should we expense internet costs when we have a bundle (that includes other non-relevant stuff). If the same ISP offers the internet alone, can we expense that price? If you're a remote worker, eligible expenses can be expensed (bill.com) -- https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=35065222
  • [curtis] my internet is bundled with phone and tv and I submit the whole receipt but only set the amount for the cost of the internet as shown on the bill I would suggest blacking out the non work-related piece (TV!), prorate it accordingly, and submit it in your expense report. More remote worker guidelines here: https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=35065222
• [pauljt] - How do we fix mistakes we've made in the PTO system? Answer: Joel Aguilera (US&Canada) - Doris (Everything else). Write to: payroll@mozilla.com... https://intranet.mozilla.org/pto/

Useful payroll link: https://mana.mozilla.org/wiki/display/PR/Payroll+and+Employment-Related+Business [Feedback Cycle] - Emily to put feedback link here by 10/8/2013 (probably quarterly) [360 Review Framework] - Emily to put link here by 10/8/2013

• Security Reports

Upcoming Speaking Engagements

(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )

Planned Blog Posts

• [new] https://mana.mozilla.org/wiki/display/SECURITY/Security+Blog+Posts
• [old] https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c

Security Review Status (curtisk)

• Completed in Q1:64 / Q2: 72

https://security-review-statistics.vcap.mozillalabs.com/weekly <-- still broken