Security/MockUp

STATUS: MOCKUP / DRAFT Welcome to the Mozilla Security wiki.

Purpose: Houses process items, team documents, and other “work papers” that we produce in a day to day context.

How To Find Us

Lot's of options, we're here to help:

• Security@mozilla.org - email us any questions, concerns, etc
• Bugzilla flag - sec-review - We triage based on this flag you don't need to set a target person we'll work that out if you don't know
• #security on IRC
• File a security/privacy review request via this link
• Attend a Security Talk given by one of the security team

Other Security Pages

www.mozilla.org/security

• This is the official Mozilla Security page.
  • Bug bounty information,advisories, tips for safety and security, information about Mozilla Security-Group

blog.mozilla.org/security

• The official blog of Mozilla Security, posts are written by not only Security team members but other involved individuals as well as guests that deal with topics of Mozilla Security.

securitywiki.mozilla.org

• Houses internal items for client security work

Mana Pages for security

• Houses MoCo only items such as internal process documents or other corporate items that are generally not of interest to the community.

Security Feature Development

At Mozilla, we build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments.

We focus hard on ways to improve the privacy and security of all web users, in a Mozilla way that engages the community in our design and implementation decisions. These priorities are reflected in the projects this team manages, public evangelism and participation in relevant standards bodies to maximize adoption of new privacy & security mechanisms.

For more information and how to participate: Security Engineering

Security-related bugs

• Security Severity Ratings
• How to report a security issue
• Want to fix a security bug? Here is a list of old thorny bugs you can take on.

Security Reviews

Main Article: Security/Reviews

• Need a security review or to find the documentation of completed reviews? This is what your looking for.

• • Project Kick-Off Form
  • Security & Privacy Review Request Form
  • Find past reviews by Category:SecReview

To be moved under this page:
* Security Radar

*  Android System Storage
*  WebBattery
*  BrowserID C API
* Add crossorigin attribute
* Sync Dialogue
*  JetPack 2011-10-12
*  XHR non-post rewrite
* Stub Installer
* Sync Client
* Weave 1.3b5 Client
* DNSSEC-TLS
* Web Activities & F1
* MouseLock
* Joystick

* WebRTC

Security Process Documents

Main Article: Security/Process

• Need a security approval? Looking for the documentation on how we do what we do? Look no further!

To be moved under this page/area:
* Approval for Landing Security Bugs
* Web Bug Verification Rotation
* Understand the  Secure Development Lifecycle used to secure our new features/products/applications 
* Information on Bugzilla and the  Security Assurance Component

Security Initiatives

Security Initiatives

• Initiatevs the security team is currently working on or has worked on in the past (ie. Embedding and Champions)

Security Resources and Blogs

Mozilla Resources Other Resources

Security Meeting Notes

Meetings