Security/Meetings/SecurityAssurance/2013-07-09

From MozillaWiki

< Security‎ | Meetings‎ | SecurityAssurance

Jump to: navigation, search

« previous week | index | next week »

Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
Phone (Toronto): 416 848 3114 x92 Conf: 95316#
Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Contents

1 Agenda
2 Upcoming Speaking Engagements
3 Planned Blog Posts
4 Security Review Status (curtisk)
5 Operations Security Update (Joe Stevensen)
6 Project Updates

Agenda

Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdGVNXzUxZkJ0WHJPNG0wMDF3ODF6REE
- [mcoates] Everyone should choose goals and put them in the spreadsheet this week.
Company-wide goals
- Dashboard: https://goals.mozilla.org/2013Q3.htmlv
- More info: https://intranet.mozilla.org/2013Q3Goals
- Only "interlocking" items are listed here
Metrics
- https://security-review-statistics.vcap.mozillalabs.com/
- https://people.mozilla.com/~sarentz/p/dashboard
Summit - see email
Team meetup - Paris - September 16-20
- Book Travel (flight)
- Put agenda ideas on https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AmLct3lOMM6ZdDAyd0tvaUxmV3BkdV81aDA5UXlINkE#gid=3
  - Scheduling comes later
question about super-admin-interface on sendto.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=891348 [:freddyb]
Short (length-restricted) XSS attack vectors with //ø.pw :) [:freddyb]
- Varies its response based on the Accept header
- supports ssl
- source on github: https://github.com/freddyb/xn--pda
Character-restricted XSS attack vectors with http://www.jsfuck.com/ [jesse]
- http://patriciopalladino.com/blog/2012/08/09/non-alphanumeric-javascript.html
- [cr] Good job nerd-sniping the entire meeting
Security Reports
- none new

[PT]- secreviews on b2g 'Project Oprah' (you get a review, you get a review, you get a review...) *Looks under his chair* +1

Meetup with 1Password [st3fan]

Dynamic toolbar on android; thoughts / ideas, pls?

Upcoming Speaking Engagements

(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )

Planned Blog Posts

https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c

https://security.etherpad.mozilla.org/2084 - fuzzdb post needs to be reviewed

Security Review Status (curtisk)

Completed in Q1 2013: 66

https://security-review-statistics.vcap.mozillalabs.com/weekly

Operations Security Update (Joe Stevensen)

Project Updates

Please add your name to the update so we know who to follow up with

Firefox Desktop

Firefox Mobile

Firefox OS

Firefox Core

MarketPlace

Web Apps

Services

Operation Security

Retrieved from "https://wiki.mozilla.org/index.php?title=Security/Meetings/SecurityAssurance/2013-07-09&oldid=674581"