Security/Meetings/SecurityAssurance/2013-02-26
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- [curtis] Django stuff https://bugzilla.mozilla.org/show_bug.cgi?id=843345
- Goals - Please keep status up to date
- Metrics
- Data Protection Program
- Preparing for pwn2own
PTO/Travel
- Some people are at BSidesVancouver and CanSecWest (+pwn2own) next week.
- RSA is this week.
- PT off Friday 1st/Monday 4th
Upcoming Speaking Engagements
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
- Raymond Forbes : Feb 27 - March 2 : Nullcon : Bug Bounty Programs
Planned Blog Posts
Security Review Status (curtisk)
- Completed in Q4 2012: 50
- Completed this Quarter: 45
https://security-review-statistics.vcap.mozillalabs.com/weekly
Operations Security Update (Joe Stevensen)
Project Updates
Please add your name to the update so we know who to follow up with
Firefox Desktop
Java CTP
Firefox Mobile
Firefox OS
- MWC! :)
- Gaia sec reviews due by 13th
- V1.0.1 reviews due end of quarter (existing goal)
- Weekly notes: https://etherpad.mozilla.org/firefoxossecteammtg
- Documentation is also focus atm: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security (review, read, contribute etc please)
Firefox Core
- [cdiehl, choller] Resolved multiple blockers for TSan (Thread Sanitizer v2) on Firefox
- Bugs filed so far: https://bugzilla.mozilla.org/buglist.cgi?quicksearch=OPEN%20sw%3A%5Btsan
- [gkw, choller] Fuzzing Baseline Compiler
- New bugs this week: http://tinyurl.com/ab5h2jr 14 issues
- [choller] Fuzzing Odinmonkey
- New bugs this week: http://tinyurl.com/azzpz3v 16 issues
- [gkw] We now have the ability to properly fuzz threadsafe builds by default, at least on Mac 64-bit
MarketPlace
Web Apps
Services
Operation Security
Cool Stuff
- Call out for JSfunfuzz at BSidesSF yesterday (page 5): http://deadliestwebattacks.files.wordpress.com/2013/02/javascript-security-html5.pdf