Security/Meetings/SecurityAssurance/2012-06-05

  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

  • Intern Intros
  • Our work week - ready to book travel
  • [Work Week] Accessibility Aug 20-24th where b2g will be an area of activity - do we need to send anyone?
  • [Brown Bag] Leading change - curtisk on Thu
  • MarketPlace Update
  • Flash Update
  • B2G Update
  • MFBT w/ curtis today at ~5 (invite sent to nightwatch and l33t)
  • gkw in Beijing next week, anything to bring up?
  • Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q2+Goals
  • [decoder] Skipping meeting today to have a free evening for my birthday :) Updates are below. <BLINK>HAPPY BIRTHDAY!!! :)</BLINK> haha you forgot marquee:D

Security Review Status (curtisk)

Operations Security Update (Joe Stevensen)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

No update

B2G (Paul Theriault, David Chan)

  • Permissions matrix final (or close to it)

https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0

  • Reviews trundle along, main blocker is features being complete (platform complete last week, feature complete July 20)

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

Still working on the capability thing (Alongside other things) learning lots...

Sync (Simon Bennetts & Adam Muntner)

no update

Services (Simon Bennetts & Adam Muntner)

notifications project may be changing significantly due to external requirements

Static Analysis (Adam Muntner)

We have access to Fortify Open Review now - Need to decide which apps to begin scanning - HP specifically requested HTML5 apps, they want to tune their scanner and some representative stuff will help them develop this capability a lot

Social - Pancake (Mark Goodwin)

No update

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

No update

JS (Christian Holler)

  • [decoder & gkw] IonMonkey fuzzing on x86/x86-64/ARM continuing until merge in 10 days, only a few bugs left right now, searching for new regressions introduced lately.
    • IM Correctness fuzzing bugs have all been resolved, searching for new ones now.
  • [Jesse, decoder] Working on getting jsfunfuzz to run with ASan shell builds

DOM, XPConnect (Jesse Ruderman)

  • [Jesse, decoder] Working on getting domfuzzer to run on ASan builds. It's working locally on Jesse's Linux box :)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

Web Developer Tools (Mark Goodwin)

Issues around remote devtools being usable without prompt have been resolved (awaiting verification). Responsive mode, async HUDService landed

Networking (Christoph Diehl)

  • No update - doing a lot of reading; started to build a fuzzer for SDP

Graphics (Christoph Diehl)

  • No update
  • fuzzed Opus with applied patch of bug 751219 and new samples - nothing found.
    • bug 750231 (solved) caused some problems for bugs which have been found afterwards.
  • fuzzed Speex (standalone executable) - nothing found.

Networking (Media / Codecs)

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

App Sync (David Chan)

client code has landed in m-c

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

no update

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

No update

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()

Bug Bounty

http://www.mozilla.org/security/hall-of-fame.html