Security/Meetings/SecurityAssurance/2014-02-04
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- GSoC [psiinon]
- [ygjb] WebSec Guide
- related to secure code guidelines
- goal: create a guide for webdevs to help themselves prior to a security review < this will block reviews
- webdev has their own resources and they happily take patches, which I submitted in the past. It's the webdev bootcamp! See http://mozweb.readthedocs.org/en/latest/ (hint from freddyb) (This is a great guide!)
- [gkw] B2G OTA updates [don't take notes on this section]
- [dveditz] work on getting fixes to old branches
- [ygjb] publicness of this meeting
- we are going to consider this a private meeting but keep notes public, so be cognizant of what you write here +1
- freddy proposes: next pad maybe "teammtg-YYYY-MM-DD"? (e.g. 2013-02-04) ++
- [jesse] move to private etherpad so the notes, but not their history, are public
- ulfr: excellent book: RESTful web APIs http://shop.oreilly.com/product/0636920028468.do (on safari)
- OpSec having a work week in SFO week of February 17.
- OpSec intern Anthony Verez [:averez] returning for internship on March 3, 2014.
- BSidesSF/RSA/Trustycon (Who is planning to attend?)
- Yvan [BSidesSF]
- jeff [BSidesSF] Sunday only
https://bugzilla.mozilla.org/show_bug.cgi?id=965306 OWASP EU https://bugzilla.mozilla.org/form.dev-engagement-event <- request form
- [pt] Marketplace & Firefox OS - need to improve collaboration
- Payments
- Review process
- Firefox Accounts?
- [gkw] sidenote - LINE has been released on the Marketplace
- https://marketplace.firefox.com/app/line
- It's a WhatsApp-equivalent, one of the most popular chat apps in Japan and Taiwan
- Security Reports
Upcoming Speaking Engagements
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
- Feb 5 [psiinon] - Oracle webcast (Using ZAP for automated testing) (no tweet)
- Feb 8 [psiinon] Manchester StudentHack (Mozilla, security, OWASP, open source) (open not sold out) http://www.studenthack.com/
Planned Blog Posts
- [new] https://mana.mozilla.org/wiki/display/SECURITY/Security+Blog+Posts
- [old] https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
Security Review Status (curtisk)
- Completed in Q1:
https://security-review-statistics.vcap.mozillalabs.com/weekly
Metrics
Operations Security Update (Joe Stevensen)
Project Updates
Please add your name to the update so we know who to follow up with