• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
• Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
• Phone (Toronto): 416 848 3114 x92 Conf: 95316#
• Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

• Goals - Please keep status up to date - https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AthhYg2CqN25dGRDX0ZqTkJ4dTJGWFVyb2RmNTNDbmc
• Metrics
  • https://security-review-statistics.vcap.mozillalabs.com/
  • https://people.mozilla.com/~sarentz/p/dashboard
• [jesse] Nothing on the agenda? Let's argue about http://krebsonsecurity.com/2013/12/the-case-for-a-compulsory-bug-bounty/ !
• Conversation wandered into desktop vs mobile security
• Conversation wandered into implications of firefox-for-android's web-app store on android security. User has to tell Android to 'allow installations from untrusted sources'. (called APK-Factory)
• Granularity of APIs on Firefox OS.
  • [Jesse] There should be a high bar for "track the user's location". Most apps really just need to "trigger a location picker" or "be triggered by a geofence".
  • [Jesse] There should be a high bar for "manage the user's contact list". Most apps really just need "trigger a contact picker, possibly annotated with which contacts also use the app".
  • [paul] I have some insight into how the Firefox OS team prioritizes features. I'll make a wiki page where you can add your ideas. Currently we just have a spreadsheet: https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdHRPbFd0dXZWaTJYby1Ta3hrRzQ5Nmc#gid=0
• Security Reports

Upcoming Speaking Engagements

(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )

Planned Blog Posts

• [new] https://mana.mozilla.org/wiki/display/SECURITY/Security+Blog+Posts
• [old]https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0AlDw2hHXmVgCdHN3LWZTZ0hjMElPc1g2clRKb2lNN3c

Security Review Status (curtisk)

• Completed in Q1:64 / Q2: 72 / Q3:55

https://security-review-statistics.vcap.mozillalabs.com/weekly << busted til stefan returns

• Alternate: 61
  • https://bugzilla.mozilla.org/buglist.cgi?list_id=8934209&resolution=FIXED&chfieldto=2013-12-31&chfield=cf_last_resolved&query_format=advanced&chfieldfrom=2013-10-01&bug_status=RESOLVED&bug_status=VERIFIED&bug_status=CLOSED&component=Security%20Assurance%3A%20Review%20Request

Operations Security Update (Joe Stevensen)

https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=38537341

Project Updates

Please add your name to the update so we know who to follow up with

Firefox Desktop

Firefox Mobile

Firefox OS

Firefox Core

MarketPlace

Web Apps

Services

Operation Security