Security/B2G/Goals
From MozillaWiki
Long term goals
2015 Quarterly Planning
Q1 Team Goals
- Update application security model for FxOS 3.0 (granting of permissions, exposing more APIs, app packaging alternatives)
- Security Assurance for 2.2 (specifically NFC & Payments)
- Improving the path for FxOS security contributors
- Outline encryption feature goals for FxOS 3.0
- Improved incident response and vulnerability management processes
2014 Quarterly Planning
Q2 Team Goals
- Define security update & incident response plans
- Ensure security model supports FxOS 2.0 requirements (e.g. Loop, Haida)
- Reduce whitelist of dangerous system calls in sandbox implementation
Secondary Goals
- Roll out marketplace reviewer security training to app reviewers and plan for scaling to meet 2014 Marketplace growth requirements
- Work with OEMs to ensure partner modifications don’t compromise security
- Complete security reviews for 2.0 release
Q3 Team Goals
- Develop security build checklist for OEMs to adopt
- Launch bug bounty program
- Drive definition of crypto/key management features for 2.2
Secondary Goals
- Update, document and publicise security assurance processes to developer teams
- Improve app review tools based on community feedback
- Security enhancements to WebIDE/Marketplace
- Complete security reviews for 2.1 release
Q4 Team Goals
- Implement process for closing bug loop on lower-risk or non-blocking security issues
- Remove all high-risk exceptions in sandbox for 2.2
  - Depends on platform & e10s sandboxing progress
Secondary Goals
- Implement controls to measure OEM compliance with security checklist (from Q3)
- Ensure we have met Marketplace 2014 growth goals (from Q2)
- Complete security reviews for 2.2 release