Personal tools


From MozillaWiki

Jump to: navigation, search

Security Engineering

We build security and user sovereignty into Firefox. Through this work, we encourage and promote these values on the open web.

We focus hard on ways to improve the privacy and security of all web users, in a Mozilla way that engages the community in our design and implementation decisions. These priorities are reflected in the projects this team manages, public evangelism and participation in relevant standards bodies to maximize adoption of new privacy & security mechanisms.

The open web is powerful; the huge number of people working on web standards and software is astonishing, and the rapid advancement of new businesses and technologies online magnifies the need for advances in mechanisms that enable secure systems and users' control over their presence online.

Who is involved

Security Engineering is led by Sid Stamm, and mainly driven by Richard Barnes, Monica Chew, David Keeler, Christoph Kerschbaumer, Bob Owen, Garrett Robinson, Camilo Viecco, Tanvi Vyas, and Kathleen Wilson. But our team isn't limited to these people -- there are many others out there in the community who help us accomplish more than we can alone, and we thrive on their passion, interest and help.

How We Work

The Security Engineering team works publicly like other Mozilla engineering teams. Continuously, we are focused on four top-level activities:

  • Implement and Deploy
  • Consult on Architecture and Design
  • Research new Ideas
  • Evangelize what we do

For more details, check out our strategy and 2013 Q3 Goals and 2013 Q4 Goals.

Major Efforts

Tracking Protection Lead: Monica Chew (roadmap coming)
The fox cannot escape the box. Sandboxing Leads: kang/tabraldes (non-tech: Sid Stamm)
  Secure Communications Lead: Brian Smith We want to make sure you get what you ask for, so we're hardening our SSL/TLS stack (and CA program), rolling out Mixed Content blocking, and developing a Web Crypto API to help sites lock down messaging.
autoprivatemode. Contextual Identity Lead: Monica Chew Many people have multiple "me"s depending on their activity. We want to understand how people think about their identities and help them manage 'em. Current projects include: Blushproof.

Some recent highlights:

How to participate

Discuss: We hang out on #security on, and our primary mailing list is Milestone reviews and other meetings will be announced on

Follow our work: To see our current progress against features please see our blogs: Sid's, Tanvi's, Ian's, Monica's, and the Mozilla Security Blog. Also, feel free to take a peek at our roadmaps: Privacy Roadmap & Security Roadmap. Our weekly meeting notes for previous meetings are located here: SecurityEngineering/MeetingNotes

Do some reviews:

Contribute: Wanna pitch in, maybe do a project? Check out SecurityEngineering/Projects or the good first bugs list and if one interests you, contact us!

Experimental Things

From time to time we make add-ons to try out experimental features. Here are a few; let us know what you think!

Security Bugs

If you've found a security bug please see