Closed
Bug 744915
Opened 12 years ago
Closed 12 years ago
Secreview of B2G App Security Model
Categories
(mozilla.org :: Security Assurance: Review Request, task, P2)
mozilla.org
Security Assurance: Review Request
Tracking
(Not tracked)
RESOLVED
FIXED
Due Date:
People
(Reporter: curtisk, Assigned: curtisk)
References
()
Details
(Whiteboard: [pending secreview] [start 04/18/2012][target ??/??/2012][score:76::High])
Who is/are the point of contact(s) for this review?
Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
Does this request block another bug? If so, please indicate the bug number This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
Are there any portions of the project that interact with 3rd party services?
Will your application/service collect user data? If so, please describe
If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Comment 1•12 years ago
|
||
One thing - I am currently driving the development of the security model, and I am also the reviewer, is this appropriate?
Whiteboard: [pending secreview] → [pending secreview] [start 04/18/2012][target 05/09/2012]
Assignee | ||
Comment 2•12 years ago
|
||
I think it is fine for now, but we will likely want to get input from a wider audience as it firms up. We can do that with the team as a group to validate any assumptions or thinking as this moves forward.
Status: NEW → ASSIGNED
Updated•12 years ago
|
Assignee: ptheriault → nobody
Component: Security Assurance: Review Needed → General
Product: mozilla.org → Boot2Gecko
QA Contact: security-assurance → general
Target Milestone: --- → DeveloperPhone
Version: other → unspecified
Updated•12 years ago
|
Assignee: nobody → ptheriault
Updated•12 years ago
|
Blocks: B2G-secreview
Updated•12 years ago
|
Priority: -- → P1
Comment 3•12 years ago
|
||
This review should probably be combined with bug 749379. (Implmentation of the permission manager).
But https://wiki.mozilla.org/Apps/Security is pretty close to final for V1 I think, so we might want to kick this one off soon?
Comment 4•12 years ago
|
||
I have made this bug block 758652 as this is basically the implementation of the App Security Model.
The permissions manager is a related bug as well 707625.
Blocks: 758652
Whiteboard: [pending secreview] [start 04/18/2012][target 05/09/2012] → [pending secreview] [start 04/18/2012][target ??/??/2012]
I don't understand what this bug is. It sounds like a meta-bug to implement a B2G security model, however bug 764189 is exactly that and is currently much more complete.
Blocks: basecamp-security
Summary: B2G App Security Model → Secreview of B2G App Security Model
Comment 6•12 years ago
|
||
This is the tracking bug for the security team to review the implementation of the app security model, ie bug 764189. But I guess you worked that out form the title change.
I understand there is a lot of work being done this week for this - can we perhaps conduct an initial security at the end of the week while it is fresh in everyone's mind?
Updated•12 years ago
|
Assignee: ptheriault → nobody
Component: General → Security Assurance: Review Request
Product: Boot2Gecko → mozilla.org
Target Milestone: DeveloperPhone → ---
Version: unspecified → other
Assignee | ||
Comment 9•12 years ago
|
||
This needs to be a team review so I am taking it
Assignee: nobody → curtisk
Assignee | ||
Comment 10•12 years ago
|
||
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings
Priority: 4 (P2) - Mozilla Initiative
Operational: 0 - N/A
User: 5 - Blocker
Privacy: 4 - Critical
Engineering: 5 - Blocker
Reputational: 5 - Blocker
Priority Score: 76
Severity: normal → blocker
Whiteboard: [pending secreview] [start 04/18/2012][target ??/??/2012] → [pending secreview] [start 04/18/2012][target ??/??/2012][score:76::High]
Assignee | ||
Updated•12 years ago
|
Due Date: 2012-11-30
Assignee | ||
Comment 11•12 years ago
|
||
Paul, any idea on when we might have this in a state where it is ready to review?
Flags: needinfo?(ptheriault)
Comment 12•12 years ago
|
||
At the time when I created this bug, the app security model was basically the permissions model. The permission model is now finalised, based upon a review that happened about 3 weeks ago with Jonas, Lucas and security team reps (David, Raymond & myself). The output was the fianlised permission model here:https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0
There was some updates to bring implementation inline with design, tracked here: https://bugzilla.mozilla.org/show_bug.cgi?id=815565
Technically, an "App Security Model" includes other aspects (udates, delivery, installation etc) but these aspects are being tracked in other specific reviews so I think we can probably close this.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Flags: needinfo?(ptheriault)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•