SecurityEngineering/2013/Q4Goals: Difference between revisions
< SecurityEngineering | 2013
Revision diff (no edit summary; one intermediate revision by the same user not shown). The rows that changed in this revision are the task entries "Implement: b2g/e10s security feature tests", "Consult: privacy roadmap update", "Consult: anonymity (tor) roadmap update", "Land Insanity::PKIX", "Implement: redirect bug" and "Implement: script hash", whose status templates now read done or miss as shown in the current revision below; the remaining diff rows are unchanged context.
Latest revision as of 23:31, 9 January 2014
(Also linked from Platform/2013-Q4-Goals#Security)
This quarter, every goal must have more than one person affiliated with and working on it. There is still a DRI, but nobody is working alone.
- Sandboxing
  - Outcome: Next set of steps towards an exploit-containing platform.
  - DRI: sid (+keeler +christoph)
  - Tasks:
    - [DONE] Implement: Chromium-sandbox: make it possible to compile and activate on mozilla-central (keeler + bbondy)
    - [DONE] Implement: b2g/e10s security feature tests: get CSP tests passing in e10s with help from overholt on the platform team (garrett + sid + mwobensmith)
    - [DONE] Implement: enable seccomp-bpf for Linux desktop - bug 935111 (christoph)
- Roadmaps
  - Outcome: More visibility and aim for our team's projects.
  - DRI: monica (+sid +garrett +cviecco +briansmith)
  - Tasks:
    - [DONE] Consult: security roadmap update (sid + product teams)
    - [DONE] Consult: privacy roadmap update (monica + sid + product teams)
    - [DONE] Consult: anonymity (tor) roadmap update (sid + mikeperry)
- NetSec
  - Outcome: Massive improvement in channel security for SSL sites that want protection from decryption.
  - DRI: briansmith (+cviecco)
  - Tasks:
    - [MISSED] Land Insanity::PKIX - bug 878932 (briansmith + cviecco)
    - [DONE] Implement: TLS 1.2 enabled on nightly; requires server intolerance handling + telemetry (cviecco + briansmith)
- Mixed Content wrap up
  - Outcome: Mixed script is blocked widely on the web in a stable way (and has no more urgent follow-ups).
  - DRI: christoph (+tanvi)
  - Tasks:
    - [MISSED] Implement: redirect bug - bug 418354 and bug 878890
    - [DONE] Implement: don't show mixed content on http pages - bug 909920 (may require content policy API changes)
    - [DONE] Implement: missing notification - bug 915951
    - [DONE] Implement: persistency for child tabs - bug 906190
- CSP
  - Outcome: Wider adoption of CSP when Firefox supports these features (and the beginning of CSP v1.1)
  - DRI: garrett (+sid)
  - Tasks:
    - [DONE] Implement: script nonce, landed behind a pref - bug 855326 (garrett + sid)
    - [MISSED] Implement: script hash, to land behind a pref - bug 883975 (garrett + sid)
    - [DONE] Evaluate: profile CSP on desktop and B2G to develop a plan to optimize CSP by rewriting in C++ or otherwise (https://bugzilla.mozilla.org/show_bug.cgi?id=924337#c26) [garrett + christoph] - bug 927493 shows speed improvements with a native implementation