SecurityEngineering/MeetingNotes/03-07-13
From MozillaWiki
Goals Recap
- [at risk] application reputation - background file saver changes checked in, download manager change (the wire lookup part) has been mostly written but not review-ready, whitelisting/shortcutting lookups is completely unimplemented
- [at risk] PKIX by default - held up by review process and need to write tests, another approach being explored
- [done] land mixed content UI v1
- [done] getRandomValues - landed in Desktop, mobile, Firefox OS !
- [on track] CSP evangelization - CSP 1.0 not turned on in Nightly due to B2G mochitest issues with inline styles, did talk at BSides to promote CSP use, still want to do OWASP cheat sheet when 1.0 lands, spoke to Yvan about a dogfooding project and if there's a Security Champion that would be interested, going to discuss with him further on Monday
- [done] Analyze and publish results of Q4's security/privacy settings study
- [on track] Design cookie survey for test pilot (mmc)
screen sharing (ekr)
- ekr wants to bounce some questions off our team and solicit some crazy ideas about screen sharing threats and countermeasures.
- I have forwarded the write up to everyone.
Who is this imelven character? / Recap from bsides
- it was good ! talk went well !