Security/Meetings/SecurityAssurance/2013-12-17
From MozillaWiki
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
- Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
- Phone (Toronto): 416 848 3114 x92 Conf: 95316#
- Phone (US): 800 707 2533 (pin 369) Conf: 95316#
Agenda
- Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AthhYg2CqN25dGRDX0ZqTkJ4dTJGWFVyb2RmNTNDbmc
- Metrics
- [Jesse] Nothing on the agenda? Let's argue about http://krebsonsecurity.com/2013/12/the-case-for-a-compulsory-bug-bounty/ !
- Conversation wandered into desktop vs mobile security
- Conversation wandered into implications of Firefox for Android's web-app store on Android security. User has to tell Android to 'allow installations from untrusted sources'. (called APK-Factory)
- Granularity of APIs on Firefox OS.
- [Jesse] There should be a high bar for "track the user's location". Most apps really just need to "trigger a location picker" or "be triggered by a geofence".
- [Jesse] There should be a high bar for "manage the user's contact list". Most apps really just need "trigger a contact picker, possibly annotated with which contacts also use the app".
- [Paul] I have some insight into how the Firefox OS team prioritizes features. I'll make a wiki page where you can add your ideas. Currently we just have a spreadsheet: https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdHRPbFd0dXZWaTJYby1Ta3hrRzQ5Nmc#gid=0
- Security Reports
Upcoming Speaking Engagements
(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )
Planned Blog Posts
- [new] https://mana.mozilla.org/wiki/display/SECURITY/Security+Blog+Posts
- [old] https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c
Security Review Status (curtisk)
- Completed in Q1: 64 / Q2: 72 / Q3: 55
https://security-review-statistics.vcap.mozillalabs.com/weekly << busted until Stefan returns
Operations Security Update (Joe Stevensen)
https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=38537341
Project Updates
Please add your name to the update so we know who to follow up with