SecurityEngineering/MeetingNotes/05-31-12


Standing Agenda

  • Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
  • Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
  • Suggest additions or changes to roadmaps
  • Detailed discussion of features or outstanding issues as time permits
  • Upcoming events, OOO/travel, etc.

Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/05-21-12

Roadmap

  • B2G - https://wiki.mozilla.org/Apps/Security <-- Security/Privacy model for B2G Apps
  • Mixed Content Blocker
    • Chrome shipping with Mixed Script Content Blocked
    • Meeting with Asa scheduled for Wednesday.
  • Sign into Browser
  • Opt-in activation for plugins.
    • waiting on UI Design
    • waiting on reviews.
    • Upcoming Mini-working week, Blocklist discussion item
  • iframe Sandbox - waiting on reviews. Aiming for FF 16. Will finish off last two tests tomorrow.
  • Highlight Cleartext Passwords
    • Reading papers
    • Talked to UR and I'm starting surveys
  • Low-rights Firefox
    • Rough project plan with milestones.
    • Working on PoC with Marshall - working towards getting a Firefox linked with the sandbox library that we can apply a policy to
  • CA Pinning
    • Some issues with permission manager.
  • HTTPS Google Search
    • Still in the tree. Shipped in 14 (now Aurora).
  • XSS Filter - https://bugzilla.mozilla.org/show_bug.cgi?id=528661
    • Updates by Riccardo! Thank you, Riccardo!
  • Password Manager Improvements - https://wiki.mozilla.org//Security/Features/PasswordManagerImprovements
    • Added feature page. Marked as unprioritized.
    • For bug https://bugzilla.mozilla.org/show_bug.cgi?id=759860, started coding, thinking it would be a few-line change I could add on to Highlight Cleartext Passwords. bsmith has a better recommendation, but it is more complicated than a few-line code change.
    • Unassigned
  • HSTS Preload List
    • Stephan for Pancake started hacking on this
    • Keeler was looking at this too.
    • We need a bug! (please link it from the feature page)
  • X-Content-Type-Options - Tom Schuster is working on this and has a patch, see https://bugzilla.mozilla.org/show_bug.cgi?id=471020
    • it's on the roadmap but doesn't have a feature page

Additional Items

  • http://careers.mozilla.org/en-US/
    • Need to cross post Senior Security Engineer position and add missing privacy features
  • Visit from Adrienne
  • DNT
  • Travel page
  • 2 things to celebrate