Security/Meetings/SecurityAssurance/2014-02-04

  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

  • GSoC [psiinon]
  • [ygjb] WebSec Guide
    • related to secure code guidelines
    • goal: create a guide for webdevs to help themselves prior to a security review < this will block reviews
    • webdev has their own resources and they happily take patches, which I submitted in the past. It's the webdev bootcamp! See http://mozweb.readthedocs.org/en/latest/ (hint from freddyb) (This is a great guide!)
  • [gkw] B2G OTA updates [don't take notes on this section]
  • [dveditz] work on getting fixes to old branches
  • [ygjb] publicness of this meeting
    • we are going to consider this a private meeting but keep notes public, so be cognizant of what you write here (+1)
  • freddy proposes: next pad maybe "teammtg-YYYY-MM-DD"? (e.g. 2013-02-04) (++)
    • [jesse] move to private etherpad so the notes, but not their history, are public
  • ulfr: excellent book: RESTful web APIs http://shop.oreilly.com/product/0636920028468.do (on safari)
  • OpSec having a work week in SFO week of February 17.
  • OpSec intern Anthony Verez [:averez] returning for internship on March 3, 2014.
  • BSidesSF/RSA/Trustycon (Who is planning to attend?)
    • Yvan [BSidesSF]
    • jeff [BSidesSF] Sunday only

https://bugzilla.mozilla.org/show_bug.cgi?id=965306 OWASP EU https://bugzilla.mozilla.org/form.dev-engagement-event <- request form

  • [pt] Marketplace & Firefox OS - need to improve collaboration
    • Payments
    • Review process
    • Firefox Accounts?

Upcoming Speaking Engagements

(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )

  • Feb 5 [psiinon] - Oracle webcast (Using ZAP for automated testing) (no tweet)
  • Feb 8 [psiinon] Manchester StudentHack (Mozilla, security, OWASP, open source) (open not sold out) http://www.studenthack.com/

Planned Blog Posts

Security Review Status (curtisk)

  • Completed in Q1:

https://security-review-statistics.vcap.mozillalabs.com/weekly

Metrics

Operations Security Update (Joe Stevensen)

Project Updates

Please add your name to the update so we know who to follow up with

Firefox Desktop

Firefox Mobile

Firefox OS

Firefox Core

MarketPlace

Web Apps

Services

Operations Security