Item Reviewed

Private Elastic Search


Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

Part 3 of the Bugzilla ETL: This meeting is to deal with the specific issues of having bug metadata (including security bugs) freely available on an ES cluster behind LDAP.

This SecReview Bug:

Architecture (same as before):

Summary of what is available on private bugs (pulled from Metrics' cluster):

Previous SecReview (public bugs only)

Overall Project About:

   We want to deliver accurate aggregate numbers for overall project summaries.

What solutions/approaches were considered other than the proposed solution?


Why was this solution chosen?

Any security threats already considered in the design and why?

Threat Brainstorming

Whiteboards could have sensitive info

  • Legal bugs? (bug group and product)
  • HR?
  • Finance and "confidential"?
  • Dashboard results made public?
  • "visual" cue to not get the public/private mixed up
  • proxy in front of this instance
  • more exposure of security bugs (but low), medium increase in utility

Action Items

Action Item Status: In Progress
Release Target
Action Items
  • add "this is private" indicator
  • remove legal, hr, finance, confidential (and more?)
  • verify if legal product dominates all the confidential bugs