Security/Meetings/SecurityAssurance/2013-11-12

From MozillaWiki

< Security‎ | Meetings‎ | SecurityAssurance

Jump to: navigation, search

« previous week | index | next week »

Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
Phone (Toronto): 416 848 3114 x92 Conf: 95316#
Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Contents

1 Agenda
2 Upcoming Speaking Engagements
3 Planned Blog Posts
4 Security Review Status (curtisk)
5 Operations Security Update (Joe Stevensen)
6 Project Updates

Agenda

Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AthhYg2CqN25dGRDX0ZqTkJ4dTJGWFVyb2RmNTNDbmc
Metrics
- https://security-review-statistics.vcap.mozillalabs.com/
- https://people.mozilla.com/~sarentz/p/dashboard
[curtisk] marketplace wants to do a ctf (andym)
[curtis] Security Reports
[pauljt] Scrum process - what is happening here
- current Sprint: http://scrumbu.gs/t/security-assurance/sa-sprint-2/
- Overview: https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHJlUVJ5TGcyYWZTbVlMOHBKU3Y4Z2c&usp=drive_web#gid=1
- Stand up https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdFNtV0JNX091UWhKRTIxbTRKQl9FeHc&usp=drive_web#gid=1
- process docs are being written
- how do we get involved
- how are we assigning etc etc
[yvan] contributor messages
[curtisk] please review https://wiki.mozilla.org/Security/Process/Secreview_Bug_Process
- I need as much feedback as you can give me
[ulfr] Map of OpSec policies and review workflow https://mana.mozilla.org/wiki/display/~jvehent@mozilla.com/Security+Assurance+Map

Upcoming Speaking Engagements

(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )

Yvan - University of Manitoba
Yvan - University of Winnipeg
Yvan - BSidesWinnipeg
Psiinon - AppSec USA or something Next week :)

Planned Blog Posts

freshly published: https://blog.mozilla.org/security/2013/11/12/navigating-tls/
[new] https://mana.mozilla.org/wiki/display/SECURITY/Security+Blog+Posts
[old]https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
mgoodwin / Pomax - something about webmaker
planned: benefits of x-frame-options [freddyb]
- based on whitepaper released last week https://frederik-braun.com/xfo-clickjacking.pdf
- and please the fact that missing the header doesn't mean the site is vulnerable. Context matters (noted)

Security Review Status (curtisk)

Completed in Q1:64 / Q2: 72 / Q3:55

https://security-review-statistics.vcap.mozillalabs.com/weekly (Q4:21)

Operations Security Update (Joe Stevensen)

- Monitor for threats outlined in https://pastebin.mozilla.org/3590094
- jeff would like to work with someone from appsec to make sure we are monitoring/seeing likely attacks *before* we are attacked.

Project Updates

Please add your name to the update so we know who to follow up with

Firefox Desktop

Firefox Mobile

Firefox OS

Firefox Core

MarketPlace

Web Apps

Services

Operation Security

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Meetings/SecurityAssurance/2013-11-12&oldid=760258"