Security/Meetings/SecurityAssurance/2012-06-05: Difference between revisions

← Older edit

Security/Meetings/SecurityAssurance/2012-06-05 (view source)

Revision as of 20:30, 12 June 2012

5,156 bytes added , 12 June 2012

→‎Security Review Status (curtisk)

Curtisk

canmove, Confirmed users, Bureaucrats and Sysops emeriti

2,776

edits

@@ Line 1: / Line 1: @@
 {{SecAssuranceMeetingInfo}}
 {{TOC right}}
+=Agenda=
+* Intern Intros
+* Our work week - ready to book travel
+** egencia -or - travel agent (email pending for this option)
+** travel should arrive Mon-13-Aug
+** Hotel is booked en-mass
+** OpSec is meeting with Systems team on Tues/Weds; then with Security Assurance on Thurs/Fri
+** https://mana.mozilla.org/wiki/display/INFRASEC/2012+Q3+London
+* [Work Week] Accessability Aug 20-24th where b2g will be an area of activity - do we need to send anyone?
+* [Brown Bag] Leading change - curtisk on Thu
+* MarketPlace Update
+* Flash Update
+* B2G Update
+* MFBT w/ curtis today at ~5 (invite sent to nightwatch and l33t)
+* gkw in Beijing next week, anything to bring up?
+* Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q2+Goals
+* [decoder] Skipping meeting today to have a free evening for my birthday :) Updates are below.  <BLINK>HAPPY BIRTHDAY!!! :)</BLINK> haha you forgot marquee:D
+=Security Review Status (curtisk)=
+*  Number of Reviews Completed (so far this quarter): 51 (last week 49)
+**  https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-review-complete%2C%20;keywords_type=allwords;list_id=2876446;field0-0-0=keywords;type0-0-0=changedafter;value0-0-0=2012.03.31;query_format=advanced = 21 (22)
+** https://bugzilla.mozilla.org/buglist.cgi?list_id=2999910;resolution=FIXED;chfieldto=Now;chfield=resolution;query_format=advanced;chfieldfrom=2012-03-31;type0-0-0=anywords;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org =30(27)
+* Number of Outstanding Reviews: 185 (last week 193)
+** https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-review-needed%2C%20;query_format=advanced;keywords_type=allwords;list_id=2876531;field0-0-0=product;type0-0-0=notequals;value0-0-0=mozilla.org;resolution=---;resolution=DUPLICATE = 48 (50)
+** https://bugzilla.mozilla.org/buglist.cgi?list_id=2999921;query_format=advanced;bug_status=UNCONFIRMED;bug_status=NEW;bug_status=ASSIGNED;bug_status=REOPENED;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org = 137 (143)
+=Operations Security Update (Joe Stevensen)=
+=Project Updates =
+Please don't leave blank. Add "No Update" if nothing has changed
+==Silent updates (rforbes / dveditz)==
+No update
+== B2G (Paul Theriault, David Chan) ==
+* Permissions matrix final (or close to it)
+https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0
+* Reviews trundle along, main blocker is features being complete (platform complete last week, feature complete July 20)
+==Thunderbird (Adam Muntner) ==
+==Rust (Jesse Ruderman) ==
+==Mobile (Mark Goodwin) ==
+Still working on the capability thing (Alongside other things)
+learning lots...
+==Sync  (Simon Bennetts & Adam Muntner) ==
+no update
+==Services (Simon Bennetts & Adam Muntner) ==
+notifications project may be changing significantly due to external requirements
+==Static Analysis (Adam Muntner)
+We have access to Fortify Open Review now
+- Need to decide which apps to begin scanning
+- HP specifically requested HTML5 apps, they want to tune their scanner and some representative stuff will help them develop this capability a lot
+==Social - Pancake (Mark Goodwin) ==
+No update
+==Jetpack, Add-on SDK, Add-on Builder (Dan Veditz) ==
+No update
+==JS (Christian Holler) ==
+* [decoder & gkw] IonMonkey fuzzing on x86/x86-64/ARM continuing until merge in 10 days, only a few bugs left right now, searching for new regressions introduced lately.
+** IM Correctness fuzzing bugs have all been resolved, searching for new ones now.
+* [Jesse, decoder] Working on getting jsfunfuzz to run with ASan shell builds
+==DOM, XPConnect (Jesse Ruderman) ==
+* [Jesse, decoder] Working on getting domfuzzer to run on ASan builds. It's working locally on Jesse's Linux box :)
+==Layout, Style (Jesse Ruderman) ==
+==Automation Tools (Gary Kwong) ==
+* [decoder] ASan builds now automatically created on a daily basis by pushing to try (right now Linux64 central/aurora debug/opt): https://people.mozilla.com/~choller/firefox/asan/
+==Web Developer Tools (Mark Goodwin) ==
+Issues around remote devtools being usable without prompt have been resolved (awating verification).
+Responsive mode, async HUDService landed
+== Networking (Christoph Diehl) ==
+* No update - doing a lot of reading; started to build a fuzzer for SDP
+== Graphics (Christoph Diehl) ===
+* No update
+* fuzzed Opus with applied patch of bug 751219 and new samples - nothing found.
+** bug 750231 (solved) caused some problems for bugs which have been found afterwards.
+* fuzzed Speex (standalone executable) - nothing found.
+== Networking ( Media / Codecs) ==
+== Market (Raymond Forbes) ==
+==Firefox APIs (Raymond Forbes) ==
+==Payment Flow (Raymond Forbes) ==
+==App Sync (David Chan) ==
+client code has landed in m-c
+==Dynamic API Security Model (Raymond Forbes) ==
+==WebRT (Raymond Forbes) ==
+==BrowserID ==
+== Identity Services (David Chan) ==
+no update
+==Addons.M.O (Raymond Forbes) ==
+==Bugzilla.M.O (Mark Goodwin & Eric Parker) ==
+No update
+==Mozillians (Raymond Forbes) ==
+==MDN (Raymond Forbes) ==
+==SUMO (Kitsune) () ==
+==== Bug Bounty===
+http://www.mozilla.org/security/hall-of-fame.html