Security/Program Management

From MozillaWiki

This document describes the Security Program Management function at Mozilla. If you have questions, please contact Curtis Koenig or Al Billings, the Security Program Managers.

External Communications

  • Ensure responses are sent to inquiries made to security@mozilla.org
    • Researchers reporting vulnerabilities
    • Users reporting security problems with Mozilla products
  • Help Mozilla Press produce responses to security-related questions from the media

Security Metrics

  • Raise awareness within the organization of key product security metrics
    • Open Security Bugs
    • Client software crashes

Security Releases

  • Help release drivers triage bugs needed on the stable branches
  • Publish advisories for the security bugs fixed in each release
  • Support the release drivers, QA, and Release Engineering teams during out-of-band "firedrill" releases

Secure Development Lifecycle

  • Develop material to increase awareness and use of security best practices among Mozilla developers
  • Deliver security training sessions to developers and QA engineers

Security Feature Development

New product and feature tracking

  • Track new products and new product features to ensure they are reviewed
  • Manage internal and external testing schedules