Security/Meetings/SecurityAssurance/2012-07-10
From MozillaWiki
< Security | Meetings | SecurityAssurance
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Intros
- Q2 Goals Recap
- Q3 Goals
- Horizons
- Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/INFRASEC/2012+-+Q2+Goals
- https://wiki.mozilla.org/Security/RiskRatings#Business_Risk_Ranking
- [decoder] On PTO, not in the meeting today
- [decoder] AddressSanitizer autobuilds for mozilla-central broken (bug 772046), some problem caused by WebRTC code. Trying to workaround with --disable-webrtc right now.
- [pauljt] b2g progress, landing thick and fast at the moment. May need help over the next month, going to confirm deadlines for sec reviews at today's b2g meeting
- [gkw] brownbag tomorrow at 1pm PT in Ten Forward, "Challenges to Mozilla adoption in China"
- Plugins!
Pauljt PTO from 31st July for the two weeks prior to our work week.
Security Review Status (koenig)
- Completed in Q2 2012: 44
- Number of Reviews Completed (so far this quarter): 1 (0)
- Number of Outstanding Reviews: 153 (144)
Operations Security Update (Joe Stevensen)
- No update. Defining Q3 tactical goals this week.
Project Updates
Please don't leave blank. Add "No Update" if nothing has changed
Silent updates (rforbes / dveditz)
B2G (Paul Theriault, David Chan)
- vendor demo due 19th, lots of ptessure to land, especially appcache/jar &gfx.
- M4 target 20/7, lots landing at the moment
- Read the gaia summary! :) https://docs.google.com/document/d/1Q6VZAN4GI_3zUe1oILrsAlTR6ODUnF2xjpHq5LrNAdk/edit
- If you want to help, reviewing gaia apps would be a good place to start. These are relatively self-contained client side html apps. If you want to take one for review, please just let me know, or take the appropriate secreview bug (should be one for each app)
Thunderbird (Adam Muntner)
Rust (Jesse Ruderman)
Mobile (Mark Goodwin)
- No update (no engineering meeting last week)
Sync (Simon Bennetts & Adam Muntner)
Services (Simon Bennetts & Adam Muntner)
Social - Pancake (Mark Goodwin)
- The team is working on the last few pieces before we're ready for public release (mostly comms, etc). Currently queued for App Store review.
Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)
JS (Christian Holler)
- [gkw, decoder] Provided fuzzing support for bug 771039 on request.
DOM, XPConnect (Jesse Ruderman)
Layout, Style (Jesse Ruderman)
Automation Tools (Gary Kwong)
- No update
Web Developer Tools (Mark Goodwin)
- No update
Networking (Christoph Diehl)
- Diving into Peach 3 - initial beta will be released at upcoming BlackHat
- Working on adding VoiceMail support to SMS fuzzer https://bugzilla.mozilla.org/show_bug.cgi?id=736710
Graphics (Christoph Diehl) =
- No update
Networking ( Media / Codecs)
Market (Raymond Forbes)
Firefox APIs (Raymond Forbes)
Payment Flow (Raymond Forbes)
App Sync (David Chan)
Dynamic API Security Model (Raymond Forbes)
WebRT (Raymond Forbes)
BrowserID
Identity Services (David Chan)
Addons.M.O (Raymond Forbes)
Bugzilla.M.O (Mark Goodwin & Eric Parker)
- No update