Security/B2G/2013 4 10
Contents
- 1 FirefoxOS Security Team Meeting
- 2 ==
- 3 Bigger Plan - 12 month items
- 4 Things we always do
- 5 Q2
- 6 Q3
- 6.1 Current/upcoming Reviews
- 6.2 Goal Status Updates
- 6.2.1 1. FirefoxOS related security reviews (owner: pauljt)
- 6.2.2 2. Document Firefox OS Security (owner: dchan)
- 6.2.3 3. Develop and land tests for security features (owner: dchan)
- 6.2.4 4. Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)
- 6.2.5 5. Drive OS-layer security improvement (owner: kang)
- 6.2.6 6. Secure app developer/reviewer guidelines/tools (owner: rforbes)
- 6.3 Other Items
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room
Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_2_20
News
- https://intranet.mozilla.org/Program_Management/Firefox_OS/Release_Version_Status/#FFOS_Version_Map
- Sandboxing now a big priority in the project
- Secure development guidelines: https://docs.google.com/a/mozilla.com/document/d/1DLs1jhTMxN5fh2PSb_O7FDaSadjjAW-MlK1xCBRWGmM/edit#heading=h.cf5se5o21xjw
- CR going to be working with marketplace to help reviewers find these (^^) things
- Finalising goals for Q2
- CSP 1.0 is landing, will impact Firefox OS certified apps. Working with gaia team to solve issues.
Goals
Bigger Plan - 12 month items
- Drive key security controls (sandboxing, permissions improvements, harden APIs etc)
- Security Certification/Specification for Firefox OS (define what it means to be a Firefox OS device)
- Publicly capture security model, details, permission models
- Outreach efforts on Firefox OS security
Things we always do
- Platform Security Reviews
- App Security Reviews (Gaia & partner apps shipped with phone)
- Design assurance/guidance on new security features
Q2
- FirefoxOS related security reviews
- Develop and land tests for security features
- Bug Bounty defined and ready to launch
- Drive key security changes
- Compile Firefox OS issue register
- Continue to document Firefox OS Security
- Document update schedule
Q3
Current/upcoming Reviews
Goal Status Updates
2. Document Firefox OS Security (owner: dchan)
No update
3. Develop and land tests for security features (owner: dchan)
Follow status here: https://bugzilla.mozilla.org/show_bug.cgi?id=815105
APIs changing in future (null on no permission, undefined for unsupported): https://bugzilla.mozilla.org/show_bug.cgi?id=859554
4. Engage communities & third-parties for Firefox OS security review and testing (owner: pauljt)
-- any ctf news? <-- on hold :(
5. Drive OS-layer security improvement (owner: kang)
got a kernel working on the unagi
got seccomp on the unagi kernel
https://people.mozilla.com/~gdestuynder/unagi_seccomp_1.tar.gz.enc
openssl enc -d -aes-256-cbc -in unagi_seccomp_1.tar.gz.enc
alula morning table guitar elephant mustard
getting a keon this week for similar purposes ;-)
sandbox discussions everywhere!
6. Secure app developer/reviewer guidelines/tools (owner: rforbes)
Other Items
innerHTML