Security/Program Management

This document describes the Security Program Management function at Mozilla. If you have questions, please contact Curtis Koenig or Al Billings, the Security Program Managers.

External Communications

• Ensure responses are sent to inquiries made to security@mozilla.org
  • Researchers reporting vulnerabilities
  • Users reporting security problems with Mozilla products
• Help Mozilla Press produce responses to security-related questions from the media

Security Metrics

• Raise awareness within the organization of key product security metrics
  • Open Security Bugs
  • Client software crashes

Security Releases

• Help release drivers triage bugs needed on the stable branches
• Publish advisories for the security bugs fixed in each release
• Support Release Drivers, QA, and Release Engineering teams during out-of-band "firedrill" releases

Secure Development Lifecycle

• Develop material to increase awareness of and utilization of security best practices by Mozilla developers
  • Secure Development Guidelines
  • Mozilla JavaScript Security Training
• Deliver security training sessions to developers and QA engineers

Security Feature Development

• Help design security features
  • Content Security Policy
  • Origin header
• Drive implementation of security features, contributing to implementation where possible

New product and feature tracking

• Track new products and new product features to ensure they are reviewed
• Manage internal and external testing schedules