Standing Agenda

• Q1 Goals Recap (https://intranet.mozilla.org/2013Q1Goals#Security_Engineering)
• Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
• Suggest additions or changes to roadmaps
• Detailed discussion of features or outstanding issues as time permits
• Additional Items
• Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/02-21-13

Agenda

• Goals Recap

Goals Recap

• [at risk] application reputation - background file saver changes checked in, download manager change (the wire lookup part) has been mostly written but not review-ready, whitelisting/shortcutting lookups is completely unimplemented
• [at risk] PKIX by default - held up by review process and need to write tests
• [done] land mixed content UI v1
• [done] getRandomValues - landed in Desktop, mobile, Firefox OS !
• [at risk] CSP evangelization - CSP 1.0 not turned on in Nightly due to B2G mochitest issues with inline styles
• [on track] Analyze and publish results of Q4's security/privacy settings study (2nd half posted next week)
• [on track] Design cookie survey for test pilot (mmc)

3pc

• opt-out cookies broken by this patch -- so are the tracking cookies
• test pilot results that might be related