{{SecAssuranceMeetingInfo}}
{{TOC right}}
=Agenda=
* Welcome Christiane Ruetten [:cr] https://phonebook.mozilla.org/#search/cruetten (she says "ohai")
* Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdEI4SlE0eGRWdkN5bXBpbV8wcjNzNUE
* Q1 Wrapup
** [Jesse] I'm happy with Q1 browser changes: removal of window.Components, CSS columns fixes, cookie policy, ASan/TSan fixes and annotations, plugin click-to-play improvements
** [gkw] a big thank you to all who helped get machines for the fuzzer folks, shoutout goes to abillings for following through
** Q1 goal spreadsheet will be locked down soon
** In the next week, copy/paste your goals into work.com and add narrative (which might include non-goal work you did)
* Q2 Planning
* [curtis / Jesse] work week fuzzing day
** talking to RIM about having a mobile fuzzing presence
** [Jesse] Should we invite other DOM fuzzing people from other companies? (Inferno from Google, etc.)
* [Jesse] It would be nice if people with non-Mozilla-hosted WordPress blogs could benefit from AppSec's work to determine which plugins are sketchy, reviewed, etc.
** [tinfoil] We could make a WordPress plugin to scan your WordPress plugins! plugin fix plugin!
** [tinfoil] It's sorta possible to determine whether some plugins are installed (but not whether they're enabled) (but sometimes they introduce vulns even when disabled)
* [yvan] WordPress blogs could go read-only if they switch to DISQUS for comments
** [jesse] But eww, then we're loading third-party scripts, and not searchable, and lose control over backups
* [dveditz] Draft paper comparing browser bug bounty programs
** Paper shows that Chrome fixes their bounty bugs faster (?)
*** [decoder] Chromium seems to have a top-down approach to assigning security bugs to developers
**** Can we do that too?
=Upcoming Speaking Engagements=
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
* 10th @ Sheffield Hallam (will update talks pages)
* Psiinon LatAm Uruguay (remote) tomorrow
* Yvan, BSidesWinnipeg (November)
* Yvan,
* Yvan,
* St3fan, Submitted a talk about Firefox OS to OHM2013 https://ohm2013.org
* St3fan, Will submit a talk about Minion to OHM2013
=Planned Blog Posts=
* https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
=Metrics (curtisk)=
* Security Reviews Completed in Q1 2013: 66
** https://security-review-statistics.vcap.mozillalabs.com/weekly
** Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
* https://people.mozilla.com/~sarentz/p/websecbugs/
=Operations Security Update (Joe Stevensen)=
=Project Updates=
Please add your name to the update so we know who to follow up with
== Firefox Desktop ==
== Firefox Mobile ==
== Firefox OS ==
* [gkw] Released orangfuzz - a Firefox OS UI fuzzer built on top of the orangutan framework (development may be a Q2 goal)
** https://github.com/mozilla/orangfuzz
** https://github.com/wlach/orangutan
== Firefox Core ==
== MarketPlace ==
== Web Apps ==
== Services ==
== Operations Security ==