SecurityEngineering/2013/Q4Goals: Difference between revisions

From MozillaWiki
No edit summary
mNo edit summary
Line 15: Line 15:
** DRI: monica (+sid +garrett +cviecco +briansmith)
** DRI: monica (+sid +garrett +cviecco +briansmith)
** Tasks:
** Tasks:
*** {{done|Consult: [[Security/Roadmap|security roadmap update]]}} (sid + product teams)
*** {{ok|Consult: [[Security/Roadmap|security roadmap update]]}} (sid + product teams)
*** {{ok|Consult: privacy roadmap update}} (monica + sid + product teams)
*** {{ok|Consult: privacy roadmap update}} (monica + sid + product teams)
*** {{ok|Consult: anonymity (tor) roadmap update}} (sid + mikeperry)
*** {{done|Consult: [[Privacy/Roadmap/Tor|anonymity (tor) roadmap]] update}} (sid + mikeperry)


* NetSec
* NetSec
Line 23: Line 23:
** DRI: briansmith (+cviecco)
** DRI: briansmith (+cviecco)
** Tasks:
** Tasks:
*** {{new|Land Insanity::PKIX}} - {{bug|878932}} (briansmith + cviecco)
*** {{miss|Land Insanity::PKIX}} - {{bug|878932}} (briansmith + cviecco)
*** {{done|Implement: TLS 1.2 enabled on nightly}} requires server intolerance + telemetry (cviecco +  briansmith)
*** {{done|Implement: TLS 1.2 enabled on nightly}} requires server intolerance + telemetry (cviecco +  briansmith)


Line 30: Line 30:
** DRI: christoph (+tanvi)
** DRI: christoph (+tanvi)
** Tasks:
** Tasks:
*** {{ok|Implement: redirect bug}} - {{bug|418354}} and {{bug|878890}}
*** {{miss|Implement: redirect bug}} - {{bug|418354}} and {{bug|878890}}
*** {{done|Implement: don't show mixed content on http pages}} - {{bug|909920}} (may require content policy api changes)
*** {{done|Implement: don't show mixed content on http pages}} - {{bug|909920}} (may require content policy api changes)
*** {{done|Implement: missing notification}} - {{bug|915951}}.
*** {{done|Implement: missing notification}} - {{bug|915951}}.

Revision as of 18:25, 13 December 2013

(Also linked from Platform/2013-Q4-Goals#Security)

This quarter, every goal must have more than one person affiliated with and working on it. There is still a DRI, but nobody is working alone.

  • Sandboxing
    • Outcome: Next set of steps towards an exploit-containing platform.
    • DRI: sid (+keeler +christoph)
    • Tasks:
      • [DONE] Implement: Chromium-sandbox: make it possible to compile and activate on mozilla-central - (keeler + bbondy)
      • [ON TRACK] Implement: b2g/e10s security feature tests: Get CSP tests passing in e10s with help from overholt on platform team (garrett + sid + mwobensmith)
      • [DONE] Implement: enable seccomp-bpf for linux desktop - bug 935111 (christoph)
  • Roadmaps
    • Outcome: More visibility and aim for our team's projects.
    • DRI: monica (+sid +garrett +cviecco +briansmith)
    • Tasks:
  • NetSec
    • Outcome: Massive improvement in channel security for SSL sites that want protection from decryption.
    • DRI: briansmith (+cviecco)
    • Tasks:
      • [MISSED] Land Insanity::PKIX - bug 878932 (briansmith + cviecco)
      • [DONE] Implement: TLS 1.2 enabled on nightly - requires server intolerance + telemetry (cviecco + briansmith)
  • Mixed Content wrap up
    • Outcome: Mixed script is blocked widely on the web in a stable way (and has no more urgent follow-ups.)
    • DRI: christoph (+tanvi)
    • Tasks:
      • [MISSED] Implement: redirect bug - bug 418354 and bug 878890
      • [DONE] Implement: don't show mixed content on http pages - bug 909920 (may require content policy api changes)
      • [DONE] Implement: missing notification - bug 915951.
      • [DONE] Implement: persistency for child tabs - bug 906190
  • CSP
    • Outcome: Wider adoption of CSP when Firefox supports these features (and beginning of CSP v1.1)
    • DRI: garrett (+sid)
    • Tasks: