Security/Meetings/SecurityAssurance/2014-04-01
From MozillaWiki
< Security | Meetings | SecurityAssurance
- Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
- Place: Mozilla HQ, MTV 217 Star Trek
- Phone (US/Intl): 650 903 0800 x92 Conf: 95217#
- Phone (Toronto): 416 848 3114 x92 Conf: 95217#
- Phone (US): 800 707 2533 (pin 369) Conf: 95217#
Contents |
Agenda
(feel free to add things you would like to discuss)
- [joes] No Security Assurance work week planned
- [joes] Services (dev) is having a work week in MTV this week
- [curtis] stats
- what stats do we think are important to talk about (for each team)
- what stats do we think are important to report up the chain?
- waiting time: if we're a team that provides security services, people need to know how long they have to wait in line.
- why specifically "up the chain" rather than publicly, or to the relevant development team? < because we need to communicate internally to mgmt before we go public with info; not mgmt, internally. no reason to withold data from staff
- Question from joes: what stories do our stats tell? Who is the audience?
- we don't know that yet
- Question from joes: Can the stats be sent to a mailman list of interested parties? Recommend not sending automated mail to nightwatch@.
- that would be the general idea, but to some degree we should have internal metrics that everyone on the should be aware of and using to guide work
- [ulfr] HA Proxy termination in AWS (5 mins)
- [mgoodwin]
- What's going on in Fennec (4 mins max)
- [pauljt] (3 mins)
- HITB
- Not looking good (sponsoring it)
- Paul is looking for help
- Question: What value do we get in sponsoring it?
- Action Item: Conversation needed about sponsoring and attending conferences -> Security Council discussion on April 7.
- [dveditz] (2 mins)
- Special bug bounty program for mozilla::pkix
- [yvan] (3 mins)
- Web Security / Cloud Services Update
Silent Updates
- [joes] OpSec Q2 goals in progress. Will email out tomorrow.