Security/Meetings/2011-12-21

From MozillaWiki

Clang Static Analysis (decoder)

Address Sanitizer Builds (decoder)

Brandon's Departure

  • Frowny face

Goals

Q4: https://intranet.mozilla.org/2011Q4Goals#Security

Q1:

  • Develop prototype for automation and scalability of ARM and mobile fuzzing
    • Some of our machines are currently being upgraded
    • Certain releng machines are only running the DOM fuzzer now; they should get jsfunfuzz / LangFuzz running too
  • What needs testing on mobile?
    • https://etherpad.mozilla.org/mobile-security-testing is my list. Brandon said he has a "master plan", but I don't know anything about it yet.
    • A mobile UI fuzzer idea is floating around; gkw is sitting in on ateam meetings to find out how this might turn out
      • I [decoder] can probably give hints about the crash triage automation etc. on Android because LangFuzz has that built in already.
        • ateam might have some APIs we can use
  • sync auth
  • Get stats on features we want to end-of-life (enablePrivilege, etc.)
    • commoncrawl.org might help, for public web anyway (enablePrivilege tends to be used on intranets, not public)
      • It could be replaced by an addon
  • Security Questionnaire
    • Proof of concept implementation
    • Evaluation with previous security review participants
    • Overall improvements and decision if this is helpful and should be adopted into the process, or not
  • Plugin experience - drive update, click to play

Goal Priorities

  • Desktop
  • Fennec
  • B2G
  • Webapps
  • Identity

Random