Personal tools

Security/Radar/Triage

From MozillaWiki

Jump to: navigation, search

Contents

Triage

Feature Pages

Feature Page Triage Needed
Feature Feature List Target Rel Prod Mgr Lead Engr Security lead Security status Security notes Last Modified
Iframe Sandbox ` Firefox 17 Lucas Adamski Ian Melven Curtis Koenig` `2012-09-13T22:57:43
HSTS Preload List ` Firefox 17 Sid Stamm David Keeler `` `2013-05-29T23:36:40
Click-to-Play Part II Desktop Firefox 17 Lucas Adamski David Keeler David Chan (dchan)` `2013-05-29T23:37:08
Tagged emails name and count after the foldernames Thunderbird Firefox 17 ` ` `` `2013-09-05T12:03:41
Mixed Content Blocker ` Firefox 23 Sid Stamm Tanvi Vyas Dan Veditz` `2014-04-10T22:55:29
Network Installer Desktop Firefox 23 Kev Needham Rob Strong TBD` `2013-08-08T10:22:29
OCSP Stapling Platform Firefox 25 Sid Stamm David Keeler Curtis Koenig` `2013-07-30T20:46:13
Improve find-in-page Desktop Firefox 25 Asa Dotzler Mike de Boer Dan Veditz` `2013-11-27T22:47:09
CSP 1.0 Support ` Firefox 25 Sid Stamm Ian Melven `` `2013-11-21T18:32:17
Replace Old Profile for Returning Users Desktop Firefox 25 Asa Dotzler Matthew Noorenberghe `` `2014-04-11T05:21:59
allow-popups (part of iframe sandbox) ` Firefox 27 Sid Stamm Bob Owen Sid Stamm` `2013-11-27T22:46:21
TLS 1.2 support ` Firefox 28 Sid Stamm Brian Smith Sid Stamm` `2013-11-27T22:45:40
Theme Refinement and Evolution (Australis) Desktop Firefox 29 Asa Dotzler ` Curtis Koenig` `2014-04-11T05:17:17
Toolbar Customization Desktop Firefox 29 ` ` `` `2014-04-11T05:20:25

Nominations

  • sec-review?
    • Flag: sec-review set to ?
    • no requestee (top group, if any)


It is impossible to construct a buglist query that returns only the bugs we want. For discussion see bug 828344 comment 72 and following; bug 677757 is what we need. The obvious query (flag=sec-review?, NOT requestee contains "@") will appear to work, but will miss bugs which have both a needinfo? request in addition to the empty sec-review? we wanted to find.

For management purposes the request feature produces the list we need.

Bugs with triage whiteboard tag

  • Triage Needed
    • Product: mozilla.org
    • Component: Security Assurance: Review Requested
    • Status: Unconfirmed, New, Reopened, Assigned, Ready
    • whiteboard (contains):[triage

Bugs without an owner

  • nobody component bugs
    • Component: contains "Security Assurance"
    • Resolution: --- (none, still open)
    • Assignee: nobody@mozilla.org
    • whiteboard: (does not contain) triage OR mentor OR vendor
    • keywords: does not contain 'meta'
    • flags: does not contain 'needinfo'

Scrum / Sprint Queries

Untriaged Web Sec Bugs

  • Website Sec
    • Status: Unconfirmed, New, Reopened, Assigned
    • Component: (does not contain) "Security Assurance: Review Request"
    • group: websites-security
    • whiteboard: (does not contain) infrasec
    • keyword: (does not contain) sec-
  • Webtools Security Bugs
    • Status: Unconfirmed, New, Reopened, Assigned
    • group: webtools-security
    • keyword: (does not contain) sec-
  • Client Services Security Bugs
    • Status: Unconfirmed, New, Reopened, Assigned
    • group: client-services-security,addons-security
    • keyword: (does not contain) sec-

Other

  • Assigned bugs
    • Keyword: sec-review-needed
    • whiteboard: "[sec-assigned:"
  • Assigned bugs in component
    • Product: mozilla.org
    • Component: component:"Security Assurance","Security Assurance: Applications","Security Assurance: Incident","Security Assurance: Operations","Security Assurance: Review Request"
    • Status: Unconfirmed, New, Reopened, Assigned
    • Assignee: nobody@mozilla.org