canmove, Confirmed users
1,537
edits
SecurityEngineering/2014/Q2Goals: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(Created page with "__NOTOC__ This is a heavy-Implement quarter (as opposed to the other strategic actions in our SecurityEngineering/Strategy). (Also linked from [[Platform/2014-Q2-Goals#S...") |
No edit summary |
||
| Line 8: | Line 8: | ||
;Outcome: Faster, more correct web platform security feature/tool roll-out (plus, easier maintenance!) | ;Outcome: Faster, more correct web platform security feature/tool roll-out (plus, easier maintenance!) | ||
;Who: tanvi, ckerschb, grobinson, sstamm, rbarnes | ;Who: tanvi, ckerschb, grobinson, sstamm, rbarnes | ||
* {{new| plan out replacement for nsIContentPolicy and start executing (the Sicking project)}} [dri=tanvi, a=ckerschb] | * {{new|Consult/Research: plan out replacement for nsIContentPolicy and start executing (the Sicking project)}} [dri=tanvi, a=ckerschb] | ||
** and maybe lift out secureUIimpl stuff? | ** and maybe lift out secureUIimpl stuff? | ||
* {{ok|Make new CSP parser on by default in nightly}} [dri=ckerschb, a=grobinson,sstamm] | * {{ok|Implement: Make new CSP parser on by default in nightly}} [dri=ckerschb, a=grobinson,sstamm] | ||
* {{ok|Land WebCrypto}} [dri=rbarnes] {{Bug|865789}} | * {{ok|Implement: Land WebCrypto}} [dri=rbarnes] {{Bug|865789}} | ||
==Secure Client Platform== | ==Secure Client Platform== | ||
;Outcome: incremental progress towards containing unprivileged code to mimize risk due to vulnerabilities | ;Outcome: incremental progress towards containing unprivileged code to mimize risk due to vulnerabilities | ||
;Who: bobowen, sstamm, tabraldes | ;Who: bobowen, sstamm, tabraldes | ||
* {{new|Get open.h264 plugin sandboxed on windows}} [dri=sstamm, a=tabraldes] | * {{new|Implement: Get open.h264 plugin sandboxed on windows}} [dri=sstamm, a=tabraldes] | ||
* {{prev| something about sandboxing logging}} [dri=bobowen, a=sstamm,tabraldes] | * {{prev|Implement: something about sandboxing logging}} [dri=bobowen, a=sstamm,tabraldes] | ||
== Secure Communications:== | == Secure Communications:== | ||
;Outcome: More correct cert validation and way to detect MITM of at least one site (via pinning) | ;Outcome: More correct cert validation and way to detect MITM of at least one site (via pinning) | ||
;Who: keeler, cviecco, mmc, kathleen | ;Who: keeler, cviecco, mmc, kathleen | ||
* {{prev| Land key pinning}} [dri=cviecco, a=keeler,mmc] | * {{prev|Implement: Land key pinning}} [dri=cviecco, a=keeler,mmc] | ||
* {{new| mozilla::pkix on by default, (riding the train to) / (targeting a) release}} [dri=keeler, a=cviecco] | * {{new|Implement/Evangelize mozilla::pkix on by default, (riding the train to) / (targeting a) release}} [dri=keeler, a=cviecco] | ||
* {{new|BONUS: Deploy UI for cert error reporting}} [dri=kathleen] | * {{new|Implement: BONUS: Deploy UI for cert error reporting}} [dri=kathleen] | ||
== Tracking Protection / Privacy== | == Tracking Protection / Privacy== | ||
;Outcome: prepare Lightbeam for user study on tracking protection | ;Outcome: prepare Lightbeam for user study on tracking protection | ||
;Who: mmc, grobinson | ;Who: mmc, grobinson | ||
* {{ok| Get through the next 2 releases (1.0.10 and 1.0.11) of Lightbeam: https://github.com/mozilla/lightbeam/issues/milestones towards the goal of conducting a small user study on tracking protection}} [dri=mmc, a=grobinson] | * {{ok|Implement/Research: Get through the next 2 releases (1.0.10 and 1.0.11) of Lightbeam: https://github.com/mozilla/lightbeam/issues/milestones towards the goal of conducting a small user study on tracking protection}} [dri=mmc, a=grobinson] | ||