Security/Reviews/Bugzilla Components

From MozillaWiki

Objective

  • Organize Bugzilla components to support the new Security Assurance organization
  • Eliminate confusion with similar components that are managed by other teams
  • Provide clear component names so users can more easily select the correct component, improving response time
  • Note: None of these groups are meant to be used for bugs that are filed against a product, application, or server. Instead, people sometimes want to file security review requests against our queue, or we have projects that require bugs for us to take action on. That's the purpose of these components.

Old Bugzilla Components

  • Product: Mozilla.org
  • Component: Infrastructure Security
    • Infrastructure Security: Web Security
    • Infrastructure Security: Operations
  • Similar Component:
    • mozilla.org: Server Operations: Security

Proposed New Bugzilla Organization

  • Product: Mozilla.org
  • Component: Security Assurance
    • Security Assurance: Review Needed
    • Security Assurance: Operations
    • Security Assurance: Applications
    • Security Assurance: Incident

Purpose of Components

  • Security Assurance: Review Needed
    • For security or privacy review
    • People often forget our process for requesting security reviews and simply file a bug within our component. As a result, the incorrectly filed bug misses triage and there are unnecessary delays.
    • This component will at least be more obvious to the user filing the bug and provide an easy method for us to catch these bugs during triage (and reclassify per our processes)
  • Security Assurance: Operations
    • For Operations Security bugs that need work
  • Security Assurance: Applications
    • May not be used very often since most application security bugs are filed against the related product/site
    • Can be used to keep track of internal projects related to application security
  • Security Assurance: Incident
    • Used for incident bugs such as security investigations, compromises, etc.

Transition Plan

  • Rename Components:
    • Infrastructure Security -> Security Assurance
    • Infrastructure Security: Web Security -> Security Assurance: Applications
    • Infrastructure Security: Operations -> Security Assurance: Operations
  • Create Components:
    • Security Assurance: Review Needed
    • Security Assurance: Incident
  • Move Bugs (from -> to):
    • mozilla.org: Server Operations: Security -> mozilla.org: Security Assurance: Operations
  • Eliminate mozilla.org: Server Operations: Security - per bug 722395