SecurityEngineering/MeetingNotes/11-29-12
From MozillaWiki
Standing Agenda
- Q4 Goals Recap
- Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/11-15-12
Q4 Goals
- [ON TRACK] Land CSP 1.0
- [ON TRACK] Deliver integrated Payments and ID for B2G
- [DONE] Host security community event (public brownbag on 11/13)
Tainting - DOM XSS
- Paul and Raymond are exploring the idea of using taint in the JS engine to detect DOM XSS
- DOMinator is an existing addon that does this but only works in Firefox 4 - it's now a commercial tool
- Performance is not an issue because it's something a user/developer would turn on while testing.
2013 team strategy
- https://wiki.mozilla.org/SecurityEngineering/2013
- Send feedback to Sid if you've got thoughts on this doc.