Security/Meetings/2011-12-15

Security content for MDN (curtisk)

https://developer.mozilla.org/en/Security/

• met with Sheppy & mcoates
• no process -> very informal
  • just start making stuff, MDN will handle organization
• need documentation of anything
• any contribution would be a win

MDN Problem: people don't complain, so they don't have much to go on what is wanted

How to find Documentation requests

• bugzilla: Component: Documentation Requests / Product: Mozilla Developer Network
• Ask does this need documentation?
  • How can others do this too to help us? How can the community use this to contribute?

What makes a good MDN article?

• Information: MDN->About NMDN (How to help:contents)
• really varies depending on type of content
• Writers guide: https://developer.mozilla.org/Project:en/Writer%27s_guide
• page naming guide: https://developer.mozilla.org/Project:en/Page_Naming_Guide
• #Devmo: irc channel for mdn writters

Don't Panic

• Get it written, someone will come along and make it pretty, just get it down
• don't worry about look, grammer etc lots of people to make it good who monitor for new content
• seed the area and others will contribute as well
  • this can end the cycle of problems

Good topics:

• websockets sec concerns
• fuzzing
• things to think about when designing a feature
  • process stuff is good too
  • how to get an appropriate security review
• need server side stuff, how-to
  • soup to nuts, server, app, code, network etc.
• Write secure Apps (FirefoxMarket)?

Apps & Firefox Market (mcoates)

• Lots of moving pieces
• https://wiki.mozilla.org/Security/Reviews/AppsProject

Intrusion Detection Magic (mcoates)

• Custom logging efforst within applicaitons for malicious actions (e.g. CEF logging)
• A little taste of what this can do - https://mana.mozilla.org/wiki/display/INFRASEC/ArcSight+Graphical+Representation+of+Logs+-+Event+Graphs