Security/Meetings/2011-11-09

From MozillaWiki

Community steward

MozCamp Asia

  • Fuzz-testing in Mozilla (Gary)
    • It's on the interim schedule
    • Draft is out - please keep the feedback coming

MozCamp EU

Travel recap

  • Lucas and Dan went to Bluehat
  • Curtis talked at SkyDogCon (video)

Stats project

  • please review bug list for ones that should be removed
  • remove from chemspill data (found by Lucas)
    • 594699
    • 590978
    • 440230
    • 441120
    • 334515

SecReviews

  • use of Vidyo for review meetings
    • I thought they were supposed to be public? < can still dial in
    • please make sure to publish the phone # still for people who can't do Vidyo
    • we can also make a Vidyo room with URL for public connection (I think)
  • changes to assigned tasks
    • completion timeframe/date

B2G/Apps Update

  • B2G has a roadmap with 3 major milestones: https://wiki.mozilla.org/B2G/Roadmap
    • bsterne to go back and look at Android threat model development and sec research history
    • Fuzz-testing the APIs should be on the radar in the future
  • App Store developer preview planned for 11/22: https://docs.google.com/document/d/1Fn0rO8sjmbn3dQh_F53nd-WYgpRYgaaCfjnNXBK7hx8/edit
    • there is a live environment there now, we should coordinate with InfraSec on testing it [bsterne]

Address Sanitizer

  • Now tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=699520
    • gkw confirmed the compile failure using modified Clang from Address Sanitizer
      • Described workarounds for compiler failures but ran into different problems
  • Have cc'ed the relevant devs, but largely blocked till this gets worked on

Silent Updates

  • status
  • concerns about bake time

Ownership of joint infrasec/prodsec projects

  • DRI

Embedding

Privacy Round-up

No reason to talk about this stuff, just items here for reference.

Recently completed SecReviews

What does Adobe dropping Mobile Flash mean for us?

  • Speculation
  • More speculation