Security/B2G/2013 6 5

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_4_29

News

   [cr] https://mana.mozilla.org/wiki/display/~cruetten@mozilla.com/TrustZone

   DT interested in helping implement things

   supervisor process

   fuzzing discussion with cdiehl (should join our meeting?)

   marta might join weekly meeting next week (or weeks)

(Who/What is DT? Link?) DeutscheTelekom Partners.

Weekly goals

Last Week: [pt] Review of gaia 1.0.1 [pt]SMS App review complete [pt] lots of encryption reading [pt] reviewing buri device [pt] ruxmon slides, demos etc. Current: [dc] take over some of paul's reviews [fb] bugbounty discussions, at least 1 review item [cr] get involved with mutimarket / metamarket

Goal Status Updates

FirefoxOS related security reviews (pauljt)

• Q2 Review target: https://wiki.mozilla.org/Security/B2G/Reviews
• SMS app done

Develop and land tests for security features (dchan)

• tests landed on moz-central!
• follow-up tests - some permission APIs not testable/new APIs

Bug Bounty defined and ready to launch (freddyb)

   minor updates

   get dans updates [action item freddy: poke dveditz, mcoates]

Compile Firefox OS issue register (pauljt)

Continue to document Firefox OS Security (pauljt)

https://bugzilla.mozilla.org/show_bug.cgi?id=876396

Document Update schedule & incident response procedure (pauljt)

no update

Firefox OS Sandboxing (kang)

   DT working on supervisor

   met with marta on video

   Cleaned up task items

   https://wiki.mozilla.org/B2G/Architecture/System_Security

   Sandboxing defined on MDN

   https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/System_security

Malware Defense (cr)

   [cr] help offered by cryptographer, how to involve him?

   no malware update