Security/B2G/2013 3 13
Contents
- 1 News
- 2 Current/upcoming Reviews
- 3 Goal Status Updates
- 3.1 1. FirefoxOS related security reviews (owner: pauljt)
- 3.2 2. Document Firefox OS Security (owner: dchan)
- 3.3 3. Develop and land tests for security features (owner: dchan)
- 3.4 4.Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)
- 3.5 5. Drive OS-layer security improvement (owner: kang)
- 3.6 6. Secure app developer/reviewer guidelines/tools (owner: rforbes)
- 4 Other Items
News
- Security ratings - we need to do this more
https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdHljUUIxNkIyejU3ZzRVdXhfcjdmd0E#gid=0 Upcoming features:
Current/upcoming Reviews
Goal Status Updates
https://wiki.mozilla.org/Security/B2G/Reviews
- Gecko: 17 bugs remaining:
https://bugzilla.mozilla.org/showdependencytree.cgi?id=754730&maxdepth=1&hide_resolved=1
- Gaia: 9 (some were not in the list) bug remaining:
https://bugzilla.mozilla.org/showdependencytree.cgi?id=748190&maxdepth=1&hide_resolved=1
2. Document Firefox OS Security (owner: dchan)
Status: ? Overview complete https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model Runtime Security - needs to be reviewed, seems a bit out of date - need to move app security stuff into /Application_security - need to move update stuff into its own page I think https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Runtime_security Application Security - needs a few sections complete - needs a review https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Application_security Draft Plan: https://security.etherpad.mozilla.org/MDN-Firefox-OS [pt] Started the app security page : https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Application_security
3. Develop and land tests for security features (owner: dchan)
after documentation
4.Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)
Draft Plan: https://etherpad.mozilla.org/foxhunt
Preliminary list of Tasks finished, lots of open questions still
freddyb: question about sec-testing docs
5. Drive OS-layer security improvement (owner: kang)
- :cjones gone, need new buddy to get runtime security stuff merged in ;-) - pushing for ASLR => :glandium - Ilhan wants to make a video presentation about TrustZones (next week or so)
6. Secure app developer/reviewer guidelines/tools (owner: rforbes)
Other Items
App signing: https://etherpad.mozilla.org/dLWLvIJr4o Security Testing Blog Post
