Security/Meetings/SecurityAssurance/2012-06-05
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Intern Intros
- Our work week - ready to book travel
- Egencia - or - travel agent (email pending for this option)
- travel should arrive Mon-13-Aug
- Hotel is booked en masse
- OpSec is meeting with Systems team on Tues/Weds; then with Security Assurance on Thurs/Fri
- https://mana.mozilla.org/wiki/display/INFRASEC/2012+Q3+London
- [Work Week] Accessibility Aug 20-24th where b2g will be an area of activity - do we need to send anyone?
- [Brown Bag] Leading change - curtisk on Thu
- MarketPlace Update
- Flash Update
- B2G Update
- MFBT w/ curtis today at ~5 (invite sent to nightwatch and l33t)
- gkw in Beijing next week, anything to bring up?
- Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q2+Goals
- [decoder] Skipping meeting today to have a free evening for my birthday :) Updates are below. <BLINK>HAPPY BIRTHDAY!!! :)</BLINK> haha you forgot marquee:D
Security Review Status (curtisk)
- Number of Reviews Completed (so far this quarter): 51 (last week 49)
- https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-review-complete%2C%20;keywords_type=allwords;list_id=2876446;field0-0-0=keywords;type0-0-0=changedafter;value0-0-0=2012.03.31;query_format=advanced = 21 (22)
- https://bugzilla.mozilla.org/buglist.cgi?list_id=2999910;resolution=FIXED;chfieldto=Now;chfield=resolution;query_format=advanced;chfieldfrom=2012-03-31;type0-0-0=anywords;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org = 30 (27)
- Number of Outstanding Reviews: 185 (last week 193)
- https://bugzilla.mozilla.org/buglist.cgi?keywords=sec-review-needed%2C%20;query_format=advanced;keywords_type=allwords;list_id=2876531;field0-0-0=product;type0-0-0=notequals;value0-0-0=mozilla.org;resolution=---;resolution=DUPLICATE = 48 (50)
- https://bugzilla.mozilla.org/buglist.cgi?list_id=2999921;query_format=advanced;bug_status=UNCONFIRMED;bug_status=NEW;bug_status=ASSIGNED;bug_status=REOPENED;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org = 137 (143)
Operations Security Update (Joe Stevensen)
Project Updates
Please don't leave blank. Add "No Update" if nothing has changed
Silent updates (rforbes / dveditz)
No update
B2G (Paul Theriault, David Chan)
- Permissions matrix final (or close to it)
https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0
- Reviews trundle along, main blocker is features being complete (platform complete last week, feature complete July 20)
Thunderbird (Adam Muntner)
Rust (Jesse Ruderman)
Mobile (Mark Goodwin)
Still working on the capability thing (alongside other things), learning lots...
Sync (Simon Bennetts & Adam Muntner)
no update
Services (Simon Bennetts & Adam Muntner)
notifications project may be changing significantly due to external requirements
Static Analysis (Adam Muntner)
We have access to Fortify Open Review now
- Need to decide which apps to begin scanning
- HP specifically requested HTML5 apps, they want to tune their scanner and some representative stuff will help them develop this capability a lot
Social - Pancake (Mark Goodwin)
No update
Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)
No update
JS (Christian Holler)
- [decoder & gkw] IonMonkey fuzzing on x86/x86-64/ARM continuing until merge in 10 days, only a few bugs left right now, searching for new regressions introduced lately.
- IM Correctness fuzzing bugs have all been resolved, searching for new ones now.
- [Jesse, decoder] Working on getting jsfunfuzz to run with ASan shell builds
DOM, XPConnect (Jesse Ruderman)
- [Jesse, decoder] Working on getting domfuzzer to run on ASan builds. It's working locally on Jesse's Linux box :)
Layout, Style (Jesse Ruderman)
Automation Tools (Gary Kwong)
- [decoder] ASan builds now automatically created on a daily basis by pushing to try (right now Linux64 central/aurora debug/opt): https://people.mozilla.com/~choller/firefox/asan/
Web Developer Tools (Mark Goodwin)
Issues around remote devtools being usable without prompt have been resolved (awaiting verification). Responsive mode, async HUDService landed
Networking (Christoph Diehl)
- No update - doing a lot of reading; started to build a fuzzer for SDP
Graphics (Christoph Diehl)
- No update
- fuzzed Opus with applied patch of bug 751219 and new samples - nothing found.
- bug 750231 (solved) caused some problems for bugs which have been found afterwards.
- fuzzed Speex (standalone executable) - nothing found.
Networking (Media / Codecs)
Market (Raymond Forbes)
Firefox APIs (Raymond Forbes)
Payment Flow (Raymond Forbes)
App Sync (David Chan)
client code has landed in m-c
Dynamic API Security Model (Raymond Forbes)
WebRT (Raymond Forbes)
BrowserID
Identity Services (David Chan)
no update
Addons.M.O (Raymond Forbes)
Bugzilla.M.O (Mark Goodwin & Eric Parker)
No update