Standing Agenda

Q1 Goals Recap (https://intranet.mozilla.org/2013Q1Goals#Security_Engineering)
Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
Suggest additions or changes to roadmaps
Detailed discussion of features or outstanding issues as time permits
Additional Items
Upcoming events, OOO/travel, etc.

Agenda

[on track] application reputation - mmc has a patch for BackgroundFileSaver that is r+ and sr+, then moving on to the rest of the feature
[at risk] PKIX by default - held up by review process and need to write tests
[done] land mixed content UI v1
[on track] getRandomValues - moving along
[on track] CSP evangelization
[on track] Analyze and publish results of Q4's security/privacy settings study
[on track] Design cookie survey for test pilot (mmc)

If you are interested, please see https://bugzilla.mozilla.org/show_bug.cgi?id=763879#c78 which contains a summary of the situation (as well as a patch r? to dbaron that we should be able to land
hope to turn on the CSP 1.0 parser for Fx22 and then follow up ASAP with bug 821877 (make logging for CSP deprecation go to web console)

Turn pref on by default - waiting on dependencies (https://bugzilla.mozilla.org/show_bug.cgi?id=834836) ->

https://bugzilla.mozilla.org/show_bug.cgi?id=840641 - Missing images - needs landing and a quick test on linux and windows to make sure the icons appear as they should.
https://bugzilla.mozilla.org/show_bug.cgi?id=836951 nsISecureBrowserUI crash - needs work
https://bugzilla.mozilla.org/show_bug.cgi?id=840388 - about:addons - needs work. Stuck.
https://bugzilla.mozilla.org/show_bug.cgi?id=837351 - Webconsole + Error Console alerts when Mixed Content is Blocked - needs work

Then Telemetry bug 781018. In the meantime, I think I will need to remove the triangle unless the pref is manually turned on by the user: https://bugzilla.mozilla.org/show_bug.cgi?id=838359