STATUS: MOCKUP / DRAFT Welcome to the Mozilla Security wiki.
Purpose: Houses process items, team documents, and other “work papers” that we produce in a day to day context.
How To Find Us
Lot's of options, we're here to help:
- Security@mozilla.org - email us any questions, concerns, etc
- Bugzilla flag - sec-review - We triage based on this flag you don't need to set a target person we'll work that out if you don't know
- #security on IRC
- File a security/privacy review request via this link
- Attend a Security Talk given by one of the security team
Other Security Pages
- This is the official Mozilla Security page.
- Bug bounty information,advisories, tips for safety and security, information about Mozilla Security-Group
- The official blog of Mozilla Security, posts are written by not only Security team members but other involved individuals as well as guests that deal with topics of Mozilla Security.
- Houses internal items for client security work
- Houses MoCo only items such as internal process documents or other corporate items that are generally not of interest to the community.
At Mozilla, we build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments.
We focus hard on ways to improve the privacy and security of all web users, in a Mozilla way that engages the community in our design and implementation decisions. These priorities are reflected in the projects this team manages, public evangelism and participation in relevant standards bodies to maximize adoption of new privacy & security mechanisms.
For more information and how to participate: Security Engineering
- Security Severity Ratings
- How to report a security issue
- Want to fix a security bug? Here is a list of old thorny bugs you can take on.
Main Article: Security/Reviews
- Need a security review or to find the documentation of completed reviews? This is what your looking for.
To be moved under this page: * Security Radar
Main Article: Security/Process
- Need a security approval? Looking for the documentation on how we do what we do? Look no further!
To be moved under this page/area: * Approval for Landing Security Bugs * Web Bug Verification Rotation * Understand the Secure Development Lifecycle used to secure our new features/products/applications * Information on Bugzilla and the Security Assurance Component
- Initiatevs the security team is currently working on or has worked on in the past (ie. Embedding and Champions)