Security/B2G/Goals

Long term goals

2015 Quarterly Planning

Q1 Team Goals

• Update application security model for FxOS 3.0 (granting of permissions, exposing more APIs, app packaging alternatives)
• Security Assurance for 2.2 (specicially NFC & Payments)
• Improving the path for FxOS security contributors
• Outline encryption feature goals for FxOS 3.0
• Improved incident response and vulnerability management processes

2014 Quarterly Planning

Q2 Team Goals

• Define security update & incident response plans
• Ensure security model supports FxOS 2.0 requirements (e.g. Loop, Haida)
• Reduce whitelist of dangerous system calls in sandbox implementation

Secondary Goals

• Rollout marketplace reviewer security training to app reviewers and plan for scaling to meet 2014 Marketplace growth requirements
• Work with OEMs to ensure partner modifications don’t compromise security
• Complete security reviews for 2.0 release

Q3 Team Goals

• Develop security build checklist for OEMs to adopt
• Launch bug bounty program
• Drive definition of crypto/key management features for 2.2

Secondary Goals

• Update, document and publicise security assurance processes to developer teams
• Improve app review tools based on community feedback
• Security enhancements to WebIDE/Marketplace
• Complete security reviews for 2.1 release

Q4 Team Goals

• Implement process for closing bug loop on lower-risk or non-blocking security issues
• Remove all high-risk exceptions in sandbox for 2.2
• Depends on platform & e10s sandboxing progress

Secondary Goals

• Implement controls to measure OEM compliance with security checklist (from Q3)
• Ensure we have met Marketplace 2014 growth goals (from Q2)
• Complete security reviews for 2.2 release