• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, MTV 217 Star Trek
• Phone (US/Intl): 650 903 0800 x92 Conf: 95217#
• Phone (Toronto): 416 848 3114 x92 Conf: 95217#
• Phone (US): 800 707 2533 (pin 369) Conf: 95217#

Agenda

• [joes] Heartbleed update
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
  • https://bugzilla.mozilla.org/show_bug.cgi?id=993094
  • Non openssl LB's saved our bacon
  • Discussion: Vidyo affected and not patched. Mass LDAP reset?
• [jesse] Should Firefox do anything after Heartbleed? Treat all certs issued before April 8 as invalid, regardless of what expiration says?
• [kang] Operations Security Documentation work (4 mins) (tabled til next week as no Kang)
  • Security Lifecycle
  • Security Review Process
  • Coding Policies
• [yvan] Web Application Security in 2014 (4 mins) (tabled til next week as no Yvan)
  • Minion and Security Automation
• [omerta] FirefoxOS Web App Analyzer = ScanJS (4 mins)
  • Demo at http://mozilla.github.io/scanjs/client/
• [psiinon] Creating Zest scripts demo (5 min)
  • https://developer.mozilla.org/en-US/docs/zest
  • ^ video linked off that page
• [freddyb] contributors from my university, how to handle this?

Team Updates (slient)

Operations Security Update

Project Updates

Please add your name to the update so we know who to follow up with

Firefox Desktop

Firefox Mobile

Firefox OS

Firefox Core

MarketPlace

Web Apps

Services

Operation Security