SecurityEngineering/Projects: Difference between revisions
(Created page with "This is a list of projects that we could use some help with. If you're interested in pitching in and making the web a safer place, these are great ways to start. For informatio...") |
|||
| Line 35: | Line 35: | ||
| [[User:Sidstamm|Sid Stamm]] | | [[User:Sidstamm|Sid Stamm]] | ||
| Implement sandbox directive for CSP. See {{bug|671389}}. | | Implement sandbox directive for CSP. See {{bug|671389}}. | ||
|- | |||
| CSP 1.1: Prototype script-hash or script-nonce to help the development of the spec | |||
| [[User:Imelven|Ian Melven]] | |||
| Prototype the proposed experimental script-hash and/or script-nonce directives for CSP and share insights with WebAppSec WG | |||
|- | |- | ||
| Certificate Manager for B2G | | Certificate Manager for B2G | ||
Revision as of 23:12, 13 March 2013
This is a list of projects that we could use some help with. If you're interested in pitching in and making the web a safer place, these are great ways to start.
For information about the Mozilla Mentorship program, please see Security/Mentorship.
Coding/Gecko projects
| Project Name | Contact | Details |
|---|---|---|
| WordPress CSP Plugin | Sid Stamm | We need to update it for CSP 1.0 (W3C spec) |
| Mixed Content Dev Tools | Tanvi Vyas | ?? |
| Security Report devtool | Tanvi Vyas | See also bug 781147 |
| Auto-Fix SSL errors | ?? | Identify and implement autocorrection for things like system time errors, server redirects to HTTPS, etc. |
| Cookie Tagging | Mark Goodwin | Build plumbing to tag cookies allowing selection and deletion of cookies by tag type (and other things). See also bug 792986 |
| CSP 1.1: path support | Sid Stamm | Implement paths for sources in CSP. See bug 808292. |
| CSP 1.1: Sandbox support | Sid Stamm | Implement sandbox directive for CSP. See bug 671389. |
| CSP 1.1: Prototype script-hash or script-nonce to help the development of the spec | Ian Melven | Prototype the proposed experimental script-hash and/or script-nonce directives for CSP and share insights with WebAppSec WG |
| Certificate Manager for B2G | ?? | Allow adding/removal of certs in B2G |
| Client Cert support in Fx Android | ?? | |
| Certificate manager for Fx Android | ?? | |
Data Gathering projects
| Project Name | Contact | Details |
|---|---|---|
| HSTS preload list crawler | David Keeler | |
| HTTPS by default | Brian Smith | For address bar entries, assume HTTPS and fall back to HTTP. Does it work? Need to study its effects. |
| Cert error reporting | ?? | See also bug 707275. This would create a mechanism for users to take action that would send cert chains and error info to Mozilla. |
| Fast profile switcher | Monica Chew | Prototype for seeing how users interact with it. |
| WebApp CSP generator | ?? | Tool for generating CSPs for packaged web apps |
| Remove UserPass support from nsIURI | ?? | We need to understand the effect of removing userpass support from our URIs in Firefox. |