SecurityEngineering/MeetingNotes/2013-10-31

From MozillaWiki

Standing Agenda

  • Q3 Goals Recap ( https://wiki.mozilla.org/SecurityEngineering/2013/Q3Goals#Q3_Goals )
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Detailed discussion of features or outstanding issues as time permits
  • Additional Items
  • Upcoming events, OOO/travel, etc.
  • Planning for next meeting (chair selection, etc.)

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/2013-10-24

Q4 Goals:

  • Sandboxing
    • Outcome: Next set of steps towards an exploit-containing platform.
    • DRI: sid (+keeler +christoph)
    • Tasks:
      • [NEW] Implement: Chromium-sandbox: make it possible to compile and activate on mozilla-central - (keeler + bbondy)
      • [NEW] Implement: b2g/e10s security feature tests: Get CSP tests passing in e10s with help from overholt on platform team (garrett + sid + mwobensmith)
  • Roadmaps
    • Outcome: More visibility and aim for our team's projects.
    • DRI: monica (+sid +garrett +cviecco +briansmith)
    • Tasks:
      • [NEW] Consult: security roadmap update (sid + briansmith + product teams)
      • [NEW] Consult: privacy roadmap update (monica + sid + product teams)
      • [NEW] Consult: anonymity (tor) roadmap update (sid + mikeperry)
  • NetSec
    • Outcome: Massive improvement in channel security for SSL sites that want protection from decryption.
    • DRI: briansmith (+cviecco)
    • Tasks:
      • [NEW] Land Insanity::PKIX - bug 878932 (briansmith + cviecco)
      • [NEW] Implement: TLS 1.2 enabled on nightly requires server intolerance + telemetry (cviecco + briansmith)
  • Mixed Content wrap up
    • Outcome: Mixed script is blocked widely on the web in a stable way (and has no more urgent follow-ups.)
    • DRI: christoph (+tanvi)
    • Tasks:
      • [ON TRACK] Implement: redirect bug - bug 418354 (starting)
      • [DONE] Implement: don't show mixed content on http pages - bug 909920 (may require content policy api changes) (under review)
      • [ON TRACK] Implement: missing notification - bug 915951 (in progress)
      • [ON TRACK] Implement: persistency for child tabs - bug 906190 (under review)
  • CSP
    • Outcome: Wider adoption of CSP when Firefox supports these features (and beginning of CSP v1.1)
    • DRI: garrett (+sid)
    • Tasks:

Agenda 31-Oct-2013 ☠

CHAIR: KEELER

Action Items:

  • Monica: test out jst lint and see how it does
  • Everyone: look at the etherpads for code guidelines (above) and have an opinion ready for next week.