SecurityEngineering/2013
From MozillaWiki
In support of our team Strategy, this is what we will work towards in 2013.
Make Firefox More Secure
- Evangelism: Larissa's airmo talk on secure UX design was picked up by Chromium
- Implement: Sandboxing on Linux and E10S (bug 653064)
- Implement: Click-To-Play plugins for Firefox (bug 738698)
- Implement/Evangelize: CSP 1.0 for Firefox platform (bug 663566)
- Implement/Evangelize: Mixed Content Blocker (bug 815321)
- Implement: Application Reputation (anti-malware) (bug 662819)
- Implement/Evangelize: Site security error reporting (web console) (bug 863874)
Build Security and Privacy into Mobile
- Consult: B2G App Security Model
- Implement: CSP for apps on B2G (bug 773891)
- Implement: App signing for marketplace/B2G (bug 772365)
- Implement/Evangelize: Third Party Cookie blocking (bug 818430), though evolving, will improve control
- Research: Collusion project improved transparency and generated buzz
- Research: DNT statistics made available by the web
- Research: Contextual identity work. (Blushproof, paper)
- Consult: Cookie Clearinghouse
Build Security into Web Communications
- Research: Web Crypto
- Implement: Certificate Revocation upgrades
- Implement: Rewrite certificate verification library (bug 878932)
- Implement: Certificate key pinning (bug 744204)
- Research/Evangelize/Implement: Certificate Policy to raise the bar on intermediate CAs
- Research/Implement: Password Knight
- Research/Implement: Certificate error reporting