SecurityEngineering/MeetingNotes/01-10-13
From MozillaWiki
Q1 goals
Code:
- land application reputation (mmc)
- land libpkix on by default (requires resolving many dependencies, bsmith + camilo)
- todo: what is the impact to the user ?
- land mixed content UI v1 (tanvi)
- mixed content protection turned on by default in Nightly
- protects users from mixed content and gives them control
- land crypto.getRandomValues (finally) [desktop & mobile] (ddahl)
- real entropy in JS, key building block for JS crypto
- This should include B2G (e10s) design + hacking implementation
Evangelism:
- csp 1.0 evangelism (including with OWASP) and MDN repairs (sid + ian)
- clears up our messaging around CSP and helps developers use it
Research:
- Analyze and publish results of Q4's security/privacy UI study
- Design cookie survey for test pilot (mmc)
Meet-up Agenda
- https://mail.mozilla.com/home/sstamm@mozilla.com/Security%20and%20Privacy%20Eng%20meetup%20Q1%202012
- See y'all Monday!
Vancouver B Sides
- Yvan is one of the planners and encourages us to submit talks
- http://www.securitybsides.com/w/page/27811926/BSidesVancouver
- 2013 February 8th: CFP Deadline
Passwords Project Accepted
http://www.cs.helsinki.fi/group/ohtu/k-2013/aihe_secuadvisor.html