SecurityEngineering/MeetingNotes/06-06-13

From MozillaWiki

Standing Agenda

  • Q2 Goals Recap ( https://intranet.mozilla.org/2013Q2Goals#Security_Engineering )
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Additional Items
  • Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/05-30-13

Q2 Goals

  • [ON TRACK] land the application reputation scanning tool bug 662819 (mmc)
  • [DONE] Turn Mixed Content Blocking on in Aurora (tanvi)
  • [ON TRACK] land classic cert validation replacement, off by default (bsmith) builds on all platforms, same revocation as classic, pending tests for edge case certificates (certificate usages & chain building).
  • [ON TRACK] land OCSP stapling support and tests (keeler)
  • [ON TRACK] Revamp the MDN documentation of CSP and Mixed Content Blocker (imelven + tanvi)
  • [ON TRACK] Develop & socialize plan (document containing steps, timeline, implementation & test plan) for getting sandboxing onto a desktop Firefox, probably Linux (imelven)
  • [ON TRACK] Deploy pilot cookie study and publish results. (ddahl)

Agenda

  • Rapid Q2 Goals Recap
  • Google Security Team Meetup Lunch Series Spectacular Extravaganza [beta]
    • Set up monthly chat with the Google folks to discuss securifying the internetz
  • Elevator pitch

"The Security and Privacy Engineering team is tasked with building secure operation and user sovereignty into the web platform and also leveraging the open web to bring these attributes to more environments.

Random blog post copy/paste crib text: "The open web is powerful; the huge number of people working on web standards and software is astonishing, and the rapid advancement of new businesses and technologies online magnifies the need for advances in mechanisms that enable secure systems and users' control over their presence online."

bsmith: We're designing & building the foundation for Firefox and Firefox OS that everybody at Mozilla will be able to leverage for creating a safe, powerful, and fast internet-connected world."

Helping people be in control of their online experience through (Mozilla products such as?) Firefox.

msh: "making your data safe; keeping you in control of your PC?"

sstamm: "making the web safer" (for users, not just your corporate masters?)

sstamm: "protecting the web since 1998"

grobinson: tasked with building secure operation and user sovereignty in the web and incorporate these (?) into Mozilla's products as well leveraging the open web to bring these attributes to more environments. standards work, outreach to websites to adopt new security technologies.... web as a whole.

grobinson: "making the web safer & keeping users in control"

giving users real choices

making the web a safer place where users have real choices about their security and privacy

making the web a safer place while ensuring users have control over their web experience

Vision: >> "We make the web safer."

Elevator pitch: Gecko Forever(?)

ddahl's sappy pitch: The Security and Privacy Engineering team innovates and improves on the secure operation, user sovereignty and user privacy of Mozilla products, services and the entire web platform

>> We build security and user sovereignty into Firefox. Through this work, we encourage and promote these values on the open web. <<

Happiness is a warm Firefox.

you can have my firefox when you pry my cold dead fingers^H^H^H^H^H paws from it

Web 2.nd amendment - right to fox arms

If you outlaw Firefoxes only criminals will have Firefoxes

"Individuals’ security on the Internet is fundamental and cannot be treated as optional."

Firefoxy(?)

do we want to talk about what happens when we fail? bad things that happen if our code doesn't work?

  • bad guys get access to your bank account
  • your spouse finds out you're cheating on them
  • dictators figure out you're a freedom fighter
  • marketers steal your facebook login and spam your friends
  • your younger brother sends embarrassing emails from your account
  • your mom finds out you're drinking / dating that guy from across town [LIKE]

t-shirt ideas

  • "seceng: we do stuff"
  • "seceng: i made the milk go bad"
  • "seceng: i could tell you but then i'd have to kill you"
  • "seceng: V ZNGR GUR ZVYX TB ONG"