• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
• Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
• Phone (Toronto): 416 848 3114 x92 Conf: 95316#
• Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

• Front End/Desktop Work Week (June 24-28) in Toronto
  • security Session would be a welcome addition, see Jaws for more info -> "how an exploit can do bad stuff"
• Metro Work Week in Vancouver this week
• JavaScript Work Week this week (May 13 - 17) in Santa Cruz
  • [gkw] Jesse and I are joining in the work week tomorrow - back to back work weeks on Wed.
• Release Engineering Work Week (May 20-24) in Sunnyvale.
  • [joes] will attend one day or part of
• Category Keywords
  • https://wiki.mozilla.org/Security_Severity_Ratings#Group_Keywords
  • Whenever a bug is filed or confirmed
  • Do this so that we can get metrics
• Team Meetup Survey - 18 responses - more to go
  • link in email to team
• Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdHU3a2lJRV8xckZXclZJdkNlN3dUYVE&usp=sharing
  • https://mana.mozilla.org/wiki/display/~mcoates@mozilla.com/2013Q2
• Metrics
  • https://security-review-statistics.vcap.mozillalabs.com/
  • https://people.mozilla.com/~sarentz/p/dashboard

Upcoming Speaking Engagements

(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )

• Curtisk - MOSSCON - Security in the Open http://www.mosscon.org/sessions/security-open
• Yvan Boily - RMLL (July 6-23)
• Yvan Boily - AppSecEU

Planned Blog Posts

• https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c

Security Review Status (curtisk)

• Completed in Q1 2013: 66

https://security-review-statistics.vcap.mozillalabs.com/weekly = 33 this quarter

Operations Security Update (Joe Stevensen)

• OpSec people on PTO this week
• Following up this week on Work week items (policy work, endpoint security, mfa testing)
• Infra is doing HG upgrade in June
• Working on our own Bugzilla OpSec doc so that we are marking bugs with:
  • keyworks
  • group keywords
  • sec ratings
  • whiteboard tags
  • start/stop dates for secreviews
  • (not just WHAT these mean but how/when/why to apply them to a bug. current knowledge is tribal)

Project Updates

Please add your name to the update so we know who to follow up with

Firefox Desktop

Firefox Mobile

Firefox OS

• [cr] sideloading / debug mode security discussion started in https://bugzilla.mozilla.org/show_bug.cgi?id=863669
• [cr] FxOS malware treatment discussion started in https://bugzilla.mozilla.org/show_bug.cgi?id=844227
• [cr] gonk-level malware detection/removal discussion started in

https://bugzilla.mozilla.org/show_bug.cgi?id=871898

• [cr] work with zamboni and app validator devs towards implementing permission-based review aids for reviewers

Firefox Core

MarketPlace

Web Apps

Services

Operation Security