Security/B2G/2013 27 5

From MozillaWiki
< Security‎ | B2G
Jump to: navigation, search

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_20_5

News

   https://twitter.com/0xroot/status/351860112257855488/photo/1
   ^--- curtis reached out: https://twitter.com/mozsec/status/352157613246525441
   freddyb will talk to curtis.. or may have :p ✔
   need to draft incident response policy with carriers

Comparison document: https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdGdIbEhuNDNlOUpjcFFVYXNQSjlONXc#gid=0 - automation - timeboxing - security champion

Weekly goals

Last Week: [dc] - mozapp iframe 751026 - done [dc] - tethinerg 776502 Current:

Goal Status Updates

FirefoxOS related security reviews (pauljt)

Develop and land tests for security features (dchan)

n/a

Bug Bounty defined and ready to launch (freddyb)

  • draft doc raised towards brendan and andreas (no reply yet)

Compile Firefox OS issue register (pauljt)

'hardening firefox os' https://docs.google.com/a/mozilla.com/document/d/16TrBjWhjnH0AQV_6I_jEGVNJKXDmKt8T4K_P-lKx9cc/edit#

Continue to document Firefox OS Security (pauljt)

Document Update schedule & incident response procedure (pauljt)

Firefox OS Sandboxing (kang)

   http://www.phoronix.com/scan.php?page=news_item&px=MTM5NjQ
   DT progresses on supervisor
   Seccomp review... well dhyland land is back today so im going to spam him
   mcoates is aware that its taking long

Malware Defense (cr)

  • no updates