SecurityEngineering/MeetingNotes/01-10-13

From MozillaWiki

Q1 goals

Code:

  • land application reputation (mmc)
  • land libpkix on by default (requires resolving many dependencies, bsmith + camilo)
    • todo: what is the impact to the user?
  • land mixed content UI v1 (tanvi)
    • mixed content protection turned on by default in Nightly
    • protects users from mixed content and gives them control
  • land crypto.getRandomValues (finally) [desktop & mobile] (ddahl)
    • real entropy in JS, key building block for JS crypto
    • This should include B2G (e10s) design + hacking implementation

Evangelism:

  • CSP 1.0 evangelism (including with OWASP) and MDN repairs (sid + ian)
    • clears up our messaging around CSP and helps developers use it

Research:

  • Analyze and publish results of Q4's security/privacy UI study
  • Design cookie survey for test pilot (mmc)

Meet-up Agenda

Vancouver B Sides

Passwords Project Accepted

http://www.cs.helsinki.fi/group/ohtu/k-2013/aihe_secuadvisor.html