Security/Meetings/SecurityAssurance/2013-07-02
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- [joes] Welcome OpSec Intern Anthony Verez, aka "averez" ++
- known to have association with members of the French Computer Security Society, including notorious members such as "kang" and "ulfr". Speaks French. <-- trustworthy? :D nope! Absolutely, I know at least 2 other people who can vouch for me :) All your base are belong to the French
- [psiinon] Web bug verification using existing tools https://mana.mozilla.org/wiki/display/SECURITY/AppSec+Web+Bug+Reviews
- minion?? <----
- other tools??
- Goals - https://intranet.mozilla.org/2013Q3Goals
- Company-wide goals almost set
- SecAss managers have decided on our team-wide goals, will share with the whole team soon.
- New format - our approach is driving this
- 2013Q3
- Locking down end of this week
- 2013Q2
- Quarter debrief with your manager - responsibility of employee to drive & schedule
- Talk about how the quarter went. Goals and other things you did.
- My schedule is more open than my manager's... +1
- Metrics
- https://security-review-statistics.vcap.mozillalabs.com/ (without_deadline fixed)
- https://people.mozilla.com/~sarentz/p/dashboard
- Security Reports
- Cost of Breach Report released from Ponemon and Symantec: https://www4.symantec.com/mktginfo/whitepaper/053013_GL_NA_WP_Ponemon-2013-Cost-of-a-Data-Breach-Report_daiNA_cta72382.pdf
Upcoming Speaking Engagements
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
- psiinon (ZAP), freddy & yvan: August 20-23 AppSec EU
- psiinon (ZAP): November 18-21 AppSec USA
- yvan: RMLL, Belgium, July 7-12 (travel, only there 2 days)
Planned Blog Posts
- https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
- Psiinon: https://mana.mozilla.org/wiki/display/~sbennetts@mozilla.com/Draft+blog+post%3A+How+to+speed+up+OWASP+ZAP+scans
- Adamm: https://security.etherpad.mozilla.org/2084 (FuzzDB)
- Yvan??
Security Review Status (curtisk)
- Completed in Q1 2013: 66
- Completed in Q2 2013: 66 \0/
https://security-review-statistics.vcap.mozillalabs.com/weekly
Operations Security Update (Joe Stevensen)
Project Updates
Please add your name to the update so we know who to follow up with