{{SecAssuranceMeetingInfo}}
{{TOC right}}
=Agenda=
* [curtisk] reminder, we have set Thu as the day for the fuzzers from BB to come join us
** if working with other orgs would be good to have them on that day as well
* Goals
** Should be locked in. - Remember to have measurable goal so you know when you're done.
** Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdHU3a2lJRV8xckZXclZJdkNlN3dUYVE#gid=1
* Metrics
** Q1 - https://mana.mozilla.org/wiki/display/SECURITY/2013+-+Q1+Goals
** https://security-review-statistics.vcap.mozillalabs.com/
*** "Ready for Review" / "Total Outstanding" / "Without Risk Ranking"
**** appear to have plateaued, we're neither driving it down nor does it appear to be getting additional - seems a bit odd they are not moving more
** https://people.mozilla.com/~sarentz/p/dashboard
*** Good progress on unresolved/unassigned web-security bugs. See dashboard
** Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
*** WARNING: page is broken due to a bug in mediawiki that is not allowing collapsible items, so ignore this for now until a fix is available
* Risk Ratings for security reviews
** Link - Tool to do risk review: https://people.mozilla.com/~ckoenig/
** Process Link - https://wiki.mozilla.org/Security/RiskRatings <- this is unclear honestly, I will update it into a more flow like
** Etherpad for discussing: https://etherpad.mozilla.org/SecurityRiskRanking
* [pauljt] WebRTC... halp!
** https://wiki.mozilla.org/Media/WebRTC/WebRTCE10S (E10S=multiprocess/related to sandboxing)
* [psiinon] ZAP 2.1.0 released \\o \o/ o//
=Upcoming Speaking Engagements=
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
* [psiinon] April 24 ZAP ThreadFix webinar
=Planned Blog Posts=
* https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
=Security Review Status (curtisk)=
* Completed in Q1 2013: 66
* Currently Completed this quarter: 13
https://security-review-statistics.vcap.mozillalabs.com/weekly
=Operations Security Update (Joe Stevensen)=
* Persona on internal sites by end of Q2
** https://vimeo.com/64467368 (has link to real world test too on it)
* Verizon DBIR (Data Breach Investigations Report) released today http://www.verizonenterprise.com/DBIR/2013/
=Project Updates=
Please add your name to the update so we know who to follow up with
== Firefox Desktop ==
== Firefox Mobile ==
== Firefox OS ==
* [cr] work in progress: https://mana.mozilla.org/wiki/display/~cruetten@mozilla.com/Firefox+OS+Malware+Defense+Strategy
** comments welcome
== Firefox Core ==
== MarketPlace ==
== Web Apps ==
== Services ==
== Operation Security ==