• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
• Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
• Phone (Toronto): 416 848 3114 x92 Conf: 95316#
• Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

• [curtisk] communications schedule
  • need updates from joes, tinfoil, michal`, dveditz, Jesse
    • (see email sent this morning)
• [gkw] overdue MozCamp Asia 2012 roundup
• [dchan] PTO 12/26 - 01/04
• [joes] kang on PTO today (traveling to France)
• [curtisk] PTO 12/26-12/28
• [decoder] Please read https://security.etherpad.mozilla.org/SecurityBlogSecurityCoverage (If you have, but had nothing to add/comment, just let me know)
• Goals - Please keep status up to date - https://mana.mozilla.org/wiki/display/SECURITY/2012+-+Q4+Goals
• [joes] Some other teams are already deciding their goals for Q1, so if we need things from them, better contact them this week!
• Review Security Radar Page - https://wiki.mozilla.org/Security/Radar

Upcoming Speaking Engagements

• (Who) : Date: Name of Event : Talk Title: Link
• Yvan Boily : Dec 15 : BSidesSeattle : Security Testing with ZAP (Seattle)
• Simon Bennetts : Feb 2-3 : FOSDEM : Talking about ZAP :)

Security Review Status (curtisk)

Chart View:

• Completed in Q4 2012:
• Number of Reviews Completed (so far this quarter):47 (37)
  • https://bugzilla.mozilla.org/buglist.cgi?list_id=4619884;resolution=FIXED;chfieldto=2012-12-31;query_format=advanced;chfield=resolution;chfieldfrom=2012-09-30;type0-0-0=anywords;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org
• Number of Outstanding Reviews: 132 (140)
  • https://bugzil.la/comp%3A%22security%20assurance%3A%20review%20request%22
• Number of Reviews Ready For Review: 73(77)
  • https://bugzil.la/component%3A%22Security%20Assurance%3A%20Review%20Request%22%20%2Bsw%3A%22pending%22%20-flag%3A%22needinfo%22
• Number of reviews without risk rating:51(61)
  • https://bugzil.la/component%3A%22Security%20Assurance%3A%20Review%20Request%22%20-sw%3A%22%5Bneeds%20info%5D%22%20-sw%3A%22%5Bscore%3A%22
• Number of reviews without deadline set:122(130)
  • https://bugzilla.mozilla.org/buglist.cgi?field0-0-0=cf_due_date;query_format=advanced;resolution=---;type0-0-0=isempty;component=Security%20Assurance%3A%20Review%20Request;product=mozilla.org
• Find Yours:
  • MIssing Risk Rating (Yours)
  • Without Deadline (Yours)

Operations Security Update (Joe Stevensen)

Project Updates

Please don't leave blank. Add "No Update" if nothing has changed

Silent updates (rforbes / dveditz)

B2G (Paul Theriault, David Chan)

• try run of test suite was too slow, will change test structure slightly (bug 811141)
• permissions document was finalized (bug 815565)
  • however some of the APIs using permissions are still in flux

Thunderbird (Adam Muntner)

Rust (Jesse Ruderman)

Mobile (Mark Goodwin)

Sync (Simon Bennetts)

Services (Simon Bennetts & Adam Muntner)

Jetpack, Add-on SDK, Add-on Builder (Dan Veditz)

JS (Christian Holler)

• Fuzzing bug 808245 (Use YARR's new MatchOnly JIT mode)
• IonMonkey threaded compilation enabled by default now

DOM, XPConnect (Jesse Ruderman)

Layout, Style (Jesse Ruderman)

Automation Tools (Gary Kwong)

• N

Web Developer Tools (Mark Goodwin)

Networking (Christoph Diehl)

• "Big lock" patch just landed on m-i: https://bugzilla.mozilla.org/show_bug.cgi?id=792175
  • going to re-test SDP this week

Media / Graphics (Christoph Diehl) =

Peach (Christoph Diehl / Raymond Forbes) =

Market (Raymond Forbes)

Firefox APIs (Raymond Forbes)

Payment Flow (Raymond Forbes)

Dynamic API Security Model (Raymond Forbes)

WebRT (Raymond Forbes)

BrowserID

Identity Services (David Chan)

Addons.M.O (Raymond Forbes)

Bugzilla.M.O (Mark Goodwin & Eric Parker)

Mozillians (Raymond Forbes)

MDN (Raymond Forbes)

SUMO (Kitsune) ()

AddressSanitizer (Christian Holler)

• Lockup problem with zombie process remaining (on Linux), investigating...