Security/Meetings/SecurityAssurance/2013-06-25
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdHU3a2lJRV8xckZXclZJdkNlN3dUYVE&usp=sharing
- Metrics
- Q3 goals
- MoCo "goals interlock" is tomorrow. Tell Michael today if we need things from other teams.
- Michael will announce our "team goals" really soon
- We will work on our "individual goals" slightly later
- [yeukhon, Jesse] Playing with clang's undefined behavior sanitizers
- http://clang.llvm.org/docs/UsersManual.html#controlling-code-generation
- https://developer.mozilla.org/en-US/docs/Building_SpiderMonkey_with_UBSan
- As compiler optimizations improve, undefined behavior bugs may become user-visible
- The idea is to get our regression tests passing UBSan, and then fuzz with it
- decoder did something similar a while ago. I wonder why he stopped.
- PR is worried about a "malware analyst" blog post that criticized Firefox OS security [freddyb,pauljt,fxos-whoever].
- How should we respond, especially where we believe the blog post is inaccurate?
- freddyb wrote a blog post that will go out soon after a comment round.
- Should we all look at a draft together in etherpad?
- [Yvan] Security-review documentation update
- [mcoates] Please use the public IRC channel #security more, and #security-private less.
- [mcoates] Q3 focus items - documentation & clarity for Mozilla
- [gkw] Looking into Puppet to manage fuzzing machines.
- opsec/SRE's got immense puppet knowledge (says freddy)
- stefan and joes are interested
- Upcoming team meetup in Paris
- Jesse is concerned that the "big room with dividers" will have noise problems, especially for people who are trying to participate remotely.
- Evening plans are coming together
- Mon: Dinner with your sub-team
- Wed:
- Thur:
- [mcoates] Update from summit planning event & other events
- [mcoates] Focus on community integration
- a regular show&tell could increase visibility. (says freddy)
- Summit locations for employees on our team have been determined.
- See "2013 Summit Locations" in our google drive share.
- Inviting volunteers (including bounty hunters) to our team meetup (??)
- Coordinate through yvan?
- Timeline??
Upcoming Speaking Engagements
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
Planned Blog Posts
Security Review Status (curtisk)
- Completed in Q1 2013: 66
https://security-review-statistics.vcap.mozillalabs.com/weekly
Operations Security Update (Joe Stevensen)
Project Updates
Please add your name to the update so we know who to follow up with
Firefox Desktop
Firefox Mobile
Firefox OS
- [cr] We have a Pomodoro app now ;) https://marketplace.firefox.com/app/pomodorino