Security/Meetings/SecurityAssurance/2014-04-01

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »

Agenda

(feel free to add things you would like to discuss)

  • [joes] No Security Assurance work week planned
  • [joes] Services (dev) is having a work week in MTV this week
  • [curtis] stats
    • what stats do we think are important to talk about (for each team)
    • what stats do we think are important to report up the chain?
      • waiting time: if we're a team that provides security services, people need to know how long they have to wait in line.
      • why specifically "up the chain" rather than publicly, or to the relevant development team? < because we need to communicate internally to mgmt before we go public with info; not mgmt, internally. no reason to withold data from staff
    • Question from joes: what stories do our stats tell? Who is the audience?
      • we don't know that yet
    • Question from joes: Can the stats be sent to a mailman list of interested parties? Recommend not sending automated mail to nightwatch@.
      • that would be the general idea, but to some degree we should have internal metrics that everyone on the should be aware of and using to guide work
  • [ulfr] HA Proxy termination in AWS (5 mins)
  • [mgoodwin]
    • What's going on in Fennec (4 mins max)
  • [pauljt] (3 mins)
  • HITB
    • Not looking good (sponsoring it)
    • Paul is looking for help
    • Question: What value do we get in sponsoring it?
    • Action Item: Conversation needed about sponsoring and attending conferences -> Security Council discussion on April 7.
  • [dveditz] (2 mins)
    • Special bug bounty program for mozilla::pkix
  • [yvan] (3 mins)
  • Web Security / Cloud Services Update

Silent Updates

  • [joes] OpSec Q2 goals in progress. Will email out tomorrow.