SecurityEngineering/MeetingNotes/03-15-12

From MozillaWiki
Jump to: navigation, search

Standing agenda

  • Review currently active (P1) features against their established milestones, identify any blockers - https://wiki.mozilla.org/Security/Roadmap + https://wiki.mozilla.org/Privacy/Roadmap
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Upcoming events, OOO/travel, etc.

Thoughts for Goals for Q2

Ideas:

Security Topics for DevTools Work Week

Topic Mark and I can present for devtools work week. Ideas for Security Developer Tool(s):

  • DOMinator
  • CSP:
    My site looks like this (browse around) what's the most strict CSP policy I can apply?
    what do I need to do to my site to implement at CSP policy like this?
    Link debugging stuff to CSP errors and warnings. Debugging Violations.
  • Expose mixed content frames/images/etc.
  • Why not getting green/blue bar for certs
  • Password field loaded in plaintext
  • Dev mode for best practices - out of compliance is highlighted.

Brainstorm

Secure Education via Tools.

Sid Landed https search :)

Yay Sid!

https://bugzilla.mozilla.org/show_bug.cgi?id=633773