SecurityEngineering/MeetingNotes/02-21-13
Standing Agenda
- Q1 Goals Recap (https://intranet.mozilla.org/2013Q1Goals#Security_Engineering)
- Review roadmap priorities to ensure they accurately reflect active projects and Mozilla's priorities
- Suggest additions or changes to roadmaps
- Detailed discussion of features or outstanding issues as time permits
- Additional Items
- Upcoming events, OOO/travel, etc.
Last week: https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/02-21-13
Agenda
- Goals Recap
Goals Recap
- [at risk] application reputation - background file saver changes checked in; download manager change (the wire lookup part) has been mostly written but is not review-ready; whitelisting/shortcutting lookups is completely unimplemented
- [at risk] PKIX by default - held up by review process and need to write tests
- [done] land mixed content UI v1
- [done] getRandomValues - moving along
- [on track] CSP evangelization
- [on track] Analyze and publish results of Q4's security/privacy settings study (draft post of 1st half, 2nd half on password coming)
- [on track] Design cookie survey for test pilot (mmc)
Removing Unneeded Code
- test coverage?
https://bugzilla.mozilla.org/show_bug.cgi?id=674147
Google Summer of Code & mentoring
- GSoC submission planning: March 18th - March 29th
- https://wiki.mozilla.org/SecurityEngineering/MeetingNotes/02-07-13#Internship.2FMentorship_project_brainstorming
- Of the ideas that we discussed previously, these seem like ones that could be a GSoC project:
  - HSTS crawler for preload list (keeler)
  - User Research on fast profile switching prototype to study how people interact with it (mmc)
  - HTTPS by default for address bar (addon) + refactoring and research on what breaks (bsmith)
  - CSP 1.1 experimental features (paths, csp sandbox, or other) (sstamm)
  - WordPress CSP plugin (update it for CSP 1.0) (stamm)
  - Developer tools for security (tanvi)
  - Cookie tagging - ask mgoodwin (mgoodwin)
- Anyone want to be a mentor?
  - Sid can mentor CSP-related things
  - mmc can mentor the UR one (with some UR help)
  - Brian would mentor the HTTPS by default study
  - Tanvi for developer tools
  - Mark for cookie tagging (maybe)
  - Keeler for HSTS crawler for preload list
Blushproof
Please alpha test blushproof! https://github.com/mozilla/blushproof/wiki