SecurityEngineering/2013/Q3Goals

From MozillaWiki

Q3 Goals

  • [MISSED] Finish first phase of Sandboxing
    • Outcome: seccomp in e10s/Larch or on nightly + clear roadmap
    • DRI: Sid
    • Tasks:
      • Consult : E10S contributions to make it reasonably usable in nightly (without extensions/plugins)
      • Implement : [MISSED] Fix window.crypto to work in E10S
      • Implement : [DROPPED] Fix CSP tests to work in E10S
      • Implement : [DONE] Land seccomp for Linux (min bar for sandboxing); related: bug 790923 and bug 914716
      • Research : [MISSED] Prioritize seccomp tightening steps, begin executing them
      • Research : [DONE] Create story/plan for addon compatibility (also see evilpie's doc)
  • [DONE] Cookie Clearinghouse
    • Outcome: Identify feasibility and nail down spec
    • DRI: Monica
    • Tasks:
      • Implement : [DONE] spec out list format and make go/nogo decision on implementation
      • Consult : [DROPPED] drive Stanford effort to stable spec


  • [MISSED] Implement alternative revocation checking mechanisms
    • Outcome: must-staple + pinning + insanity on by default in nightly
    • DRI: Camilo
    • Tasks:
      • Implement : [MISSED] Enable insanity::pkix validation by default on nightly -- starting to land as of 9/16
      • Implement : [DROPPED] Land key pinning
      • Implement : [MISSED] Land must-staple support


  • [DONE] SafeBrowsing 2.0
    • Outcome: App reputation whitelist on by default in nightly
    • DRI: Monica
    • Tasks:
      • Implement : [DONE] Land app reputation system with whitelist support (bug 842828)