SecurityEngineering/MeetingNotes/05-31-12
From MozillaWiki
Standing Agenda
- Review currently active (P1) features against their established milestones, identify any blockers - Security/Roadmap + Privacy/Roadmap
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/05-21-12
Roadmap
- B2G - https://wiki.mozilla.org/Apps/Security <-- Security/Privacy model for B2G Apps
- Mixed Content Blocker -
- Chrome shipping with Mixed Script Content Blocked
- Meeting with Asa scheduled for Wednesday.
- Sign into Browser
- Opt-in activation for plugins.
- waiting on UI Design
- waiting on reviews.
- Upcoming Mini-working week, Blocklist discussion item
- iframe Sandbox - waiting on reviews. Aiming for FF 16. Will finish off last two tests tomorrow.
- Highlight Cleartext Passwords
- Reading papers
- Talked to UR and I'm starting surveys
- Low-rights Firefox
- Rough project plan with milestones.
- Working on poc with Marshall - working towards getting a firefox linked with sandbox library that we can apply a policy to
- CA Pinning
- Some issues with permission manager.
- HTTPS Google Search
- Still in the tree. Shipped in 14 (now Aurora).
- XSS Filter - https://bugzilla.mozilla.org/show_bug.cgi?id=528661
- Updates by Riccardo ! Thank you Riccardo !
- Password Manager Improvements - https://wiki.mozilla.org//Security/Features/PasswordManagerImprovements
- Added feature page. Marked as unprioritized.
- For bug https://bugzilla.mozilla.org/show_bug.cgi?id=759860, started coding, thinking it would be a few line change I could add on to Highlight Cleartext Passwords. bsmith has a better recommendation, but more complicated than a few line code change.
- Unassigned
- HSTS Preload List
- Stephan for Pancake started hacking on this
- Keeler was looking at this too.
- We need a bug ! (please link it from the feature page)
- X-Content-Type-Options - Tom Schuster is working on this and has a patch, see https://bugzilla.mozilla.org/show_bug.cgi?id=471020
- it's on the roadmap but doesn't have a feature page
Additional Items
- http://careers.mozilla.org/en-US/
- Need to cross post Senior Security Engineer position and add missing privacy features
- Visit from Adrienne
- DNT
- Travel page
- 2 things to celebrate