Security/B2G/2013 12 17: Difference between revisions

(Created page with "== FirefoxOS Security Team Meeting == 1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_11_26 === Agenda Items === * [cr] FxOS malware i...")
 
Line 4: Line 4:
https://wiki.mozilla.org/Security/B2G/2013_11_26
https://wiki.mozilla.org/Security/B2G/2013_11_26
=== Agenda Items ===
=== Agenda Items ===
* [cr] FxOS malware incidence response
* [cr] FxOS Crypto Concept evolving: https://docs.google.com/a/mozilla.com/document/d/13dnmH4OsJc0ItMa0Z21VJcYJBK6kIb1om4B-DJk7N2E
  * draft in progress here: https://docs.google.com/a/mozilla.com/document/d/13V4si7tlAI5KMfYEzum1of9UizRgyqItDYdiVhXhvsM/edit#
** feel free to add responsibilities and folks who work on things as you are aware of
  * jeff bryner is our incidence response manager, cr will involve him.
** https://github.com/Netflix/NfWebCrypto
* NFC work week in jan 20th
** tie to desireable features that require crypto functionality to motivate development efforts
* Bug bounty
* [cr] FxOS Malware Incident Response evolving at https://docs.google.com/a/mozilla.com/document/d/13V4si7tlAI5KMfYEzum1of9UizRgyqItDYdiVhXhvsM
* sandbox / desktop roadmap being defined (will help with B2G remoting) (e10s guys do a lot of remoting)
** feel free to add comments and responsibilities you're aware of
** jld landing stack traces
** please add concrete incidents that you can think of
seccomp 1.4 tracking https://bugzilla.mozilla.org/show_bug.cgi?id=929277
* web crypto
**  
** https://bugzilla.mozilla.org/show_bug.cgi?id=865789
* env variable to disable sandbox at runtime https://bugzilla.mozilla.org/show_bug.cgi?id=928042 => B2G bug https://bugzilla.mozilla.org/show_bug.cgi?id=948620 <paul
[kang] https://wiki.mozilla.org/Security/Sandbox
* https://wiki.mozilla.org/Sandbox
[kang] https://docs.google.com/a/mozilla.com/document/d/1PFzcs4JH61vqR0lHv0PMQOIGn3NyhQSUAMSlAJm3T9Y/edit
* sprint wrapup
[arroway]
https://etherpad.mozilla.org/fxossprintsummary
*sec-review process: make the information more visible for the developers on the wiki
*follow up on fixing reported security bugs: block the following bug to raise attention on a specific security bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=876396
* Goals
* Goals
Add your goals here:
Add your goals here:
https://docs.google.com/a/mozilla.com/document/d/149yh9-_TPaKJosMKQXY8tKBkswlzNIc4bV3yAQix7GY/edit
https://docs.google.com/a/mozilla.com/document/d/149yh9-_TPaKJosMKQXY8tKBkswlzNIc4bV3yAQix7GY/edit
=== Previous Action Items ===
=== Previous Action Items ===
- post in standups WOOOT
* [PT] to talk to mvines to check on status of sandbox flags
* [PT] talk to QA on getting patch from QA to OEMs
* [GD] Testing sandboxing guide, updating wiki etc.
=== New Action Items ===
=== New Action Items ===
- [PT] to talk to mvines to check on status of sandbox flags
* [cr] prepare for 3-week vacation, returning on Jan, 13th
- [PT] talk to QA on getting patch from QA to OEMs
* [cr] polish crypto concept draft and send RFC to b2g-internal
- [GD] Testing sandboxing guide, updating wiki etc.
* [pt] update wiki sec review
=== Goal Status Updates ===
=== Goal Status Updates ===
===Other stuff===
===Other stuff===
* xss bookmarklet, http://mozfreddyb.github.io/escape-artist/xss_blookmarklet.html
* xss bookmarklet, http://mozfreddyb.github.io/escape-artist/xss_blookmarklet.html