SecurityEngineering/MeetingNotes/03-14-13
From MozillaWiki
Contents
Standing Agenda
- Q1 Goals Recap (https://intranet.mozilla.org/2013Q1Goals#Security_Engineering)
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/03-07-13
Agenda
Goals Recap
- [at risk] application reputation - background file saver changes checked in, download manager change (the wire lookup part) has been mostly written but not review-ready, whitelisting/shortcutting lookups is completely unimplemented
- [at risk] PKIX by default - held up by review process and need to write tests, another approach being explored
- [done] land mixed content UI v1
- [done] getRandomValues - landed in Desktop, mobile, Firefox OS !
- [on track] CSP evangelization - CSP 1.0 not turned on in Nightly due to B2G mochitest issues with inline styles, did talk at BSides to promote CSP use, still want to do OWASP cheat sheet when 1.0 lands, spoke to Yvan about a dogfooding project and if there's a Security Champion that would be interested, going to discuss with him further on Monday
- [done] Analyze and publish results of Q4's security/privacy settings study
- [on track] Design cookie survey for test pilot (mmc)
GSOC and projects
- gsoc brainstorming page ready for updates - https://wiki.mozilla.org/Community:SummerOfCode13:Brainstorming
Our Projects page https://wiki.mozilla.org/SecurityEngineering/Projects#Coding.2FGecko_projects
UX click to play preso tomorrow
1pm in GIGO