Security/Meetings/SecurityAssurance/2012-10-02
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Last quarter's goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/SECURITY/2012+-+Q3+Goals
- Next quarter's goals - We've been discussing in subteams with managers, right?
- Review Security Radar Page - https://wiki.mozilla.org/Security/Radar
- B2G Testing https://b2gtestdrivers.allizom.org/ - In SF or MV? Sign up
- Be aware that you might get pulled off of what you're doing to do something B2G-related or Marketplace-related
Security Review Status (curtisk)
- Completed in Q3 2012:
- Number of Reviews Completed (so far this quarter): 57 (55) <-- Final Q3 Numbers?
- All Outstanding Reviews: 139 (143)
- Number of reviews without risk rating: 23
- Number of reviews without deadline set: 97
- Yours
- Overall
Operations Security Update (Joe Stevensen)
Release Engineering security review update
Project Updates
Please don't leave blank. Add "No Update" if nothing has changed
Silent updates (rforbes / dveditz)
B2G (Paul Theriault, David Chan)
- things keep breaking for testing
- got a spare (mozilla) Nexus S in MV/SF if anyone needs to test before getting the dogfooding device (hint: it's faster than the dogfooding device :P) (contact :kang)
Thunderbird (Adam Muntner)
Rust (Jesse Ruderman)
Mobile (Mark Goodwin)
- Been working on Safe Browsing, reading private browsing code in prep. for upcoming review
Sync (Simon Bennetts & Adam Muntner)
Services (Simon Bennetts & Adam Muntner)
Social - Pancake (Mark Goodwin)
- No update
Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)
JS (Christian Holler)
- [decoder] Extended LangFuzz to two ESX VMs as per Q3 goal
DOM, XPConnect (Jesse Ruderman)
- DOM fuzzer: Now testing keystrokes
- DOM fuzzer: Now testing under ASan continuously, on one machine
Layout, Style (Jesse Ruderman)
Automation Tools (Gary Kwong)
- No update
Web Developer Tools (Mark Goodwin)
- Devtools work week last week
- I mostly hacked on things - helped with some GCLI commands etc
- Also learned loads about all sorts of things from the devs there
- Most interesting new stuff - remote everything (chrome debugging, web console), JS profiler
Networking (Christoph Diehl)
- WebRTC
- SDP fuzzer now supports RFC 4566 and 5245
Graphics (Christoph Diehl)
- No update
Networking (Media / Codecs)
Market (Raymond Forbes)
Firefox APIs (Raymond Forbes)
Payment Flow (Raymond Forbes)
Dynamic API Security Model (Raymond Forbes)
WebRT (Raymond Forbes)
BrowserID
Identity Services (David Chan)
Addons.M.O (Raymond Forbes)
Bugzilla.M.O (Mark Goodwin & Eric Parker)
- No update
Mozillians (Raymond Forbes)
MDN (Raymond Forbes)
SUMO (Kitsune) ()
AddressSanitizer (Christian Holler)
- [decoder] We now have automated try pushes with tests running. Results are automatically scanned for ASan failures and mailed.