MozillaWiki

SecurityEngineering/2013/Q4Goals

< SecurityEngineering‎ | 2013
Revision as of 22:51, 27 September 2013 by Sidstamm (talk | contribs) (Created page with "=Q4 Goals= This quarter, every goal must have more than one person affiliated with and working on it. There is still a DRI, but nobody is working alone. * Sandboxing ** Out...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Q4 Goals

This quarter, every goal must have more than one person affiliated with and working on it. There is still a DRI, but nobody is working alone.

  • Sandboxing
    • Outcome: Next set of steps towards a exploit-containing platform.
    • DRI: sid (+briansmith +keeler +christoph)
    • Tasks:
      • [NEW] Implement: Chromium-sandbox: make it possible to compile and activate on mozilla-central - (briansmith + keeler + christoph)
      • [NEW] Consult: GFX-Remoting Form and document gpu-remoting plan (christoph + sid)
      • [NEW] Implement: b2g/e10s security feature tests: Get security feature tests (CSP, HSTS, window.crypto) passing in e10s with help from overholt on platform team (garrett + sid + mwobensmith)
  • Roadmaps & user data storage plan
    • Outcome: More visibility and aim for our team's projects.
    • DRI: monica (+sid +garrett +cviecco +briansmith)
    • Tasks:
      • [NEW] Consult: security roadmap update (sid + briansmith)
      • [NEW] Consult: privacy roadmap update (monica + sid)
      • [NEW] Consult: anonymity (tor) roadmap update (sid + mikeperry)
      • [NEW] Evangelize: roadmap brownbag or widely announced meeting scheduled to get feedback on roadmaps (monica + sid)
      • Consult: [NEW] form and document multi-stakeholder plan for unified storage/prefs so that our tracking story is not full of holes (monica + garrett + cviecco)
  • NetSec
    • Outcome: Massive improvement in channel security for SSL sites that want protection from decryption.
    • DRI: briansmith (+cviecco)
    • Tasks:
      • [NEW] Implement: TLS 1.2 enabled on nightly requires server intolerance + telemetry (cviecco + briansmith)
  • Mixed Content wrap up
    • Outcome: Mixed script is blocked widely on the web in a stable way (and has no more urgent follow-ups.)
    • DRI: tanvi (+christoph)
    • Tasks:
      • [ON TRACK] Implement: redirect bug - bug 418354
      • [ON TRACK] Implement: don't show mixed content on http pages - bug 909920 (may require content policy api changes)
      • [ON TRACK] Implement: missing notification - bug 915951
      • [ON TRACK] Implement: target = _parent - bug 906219
  • CSP
    • Outcome: Wider adoption of CSP when Firefox supports these features (and beginning of CSP v1.1)
    • DRI: garrett (+sid)
    • Tasks:
      • [ON TRACK] Implement: script nonce landed behind a pref. bug 855326 (garrett + sid)
      • [ON TRACK] Implement: script hash landed behind a pref. bug 883975 (garrett + sid)
Retrieved from "https://wiki.mozilla.org/index.php?title=SecurityEngineering/2013/Q4Goals&oldid=717095"