From MozillaWiki
Jump to: navigation, search

We build security and user sovereignty into Firefox. Through this work, we encourage and promote these values on the open web.

We focus hard on ways to improve the privacy and security of all web users, in a Mozilla way that engages the community in our design and implementation decisions. These priorities are reflected in the projects this team manages, public evangelism and participation in relevant standards bodies to maximize adoption of new privacy & security mechanisms.

The open web is powerful; the huge number of people working on web standards and software is astonishing, and the rapid advancement of new businesses and technologies online magnifies the need for advances in mechanisms that enable secure systems and users' control over their presence online.

Who is involved

Security Engineering is led by Richard Barnes and Steve Workman, and mainly driven by Mark Goodwin, Dave Huseby, JC Jones, Kamil Jozwiak, David Keeler, Christoph Kerschbaumer, Francois Marier, Kate McKinley, Daniel Veditz, Tanvi Vyas, Kathleen Wilson and Matt Wobensmith.

How We Work

The Security Engineering team works publicly like other Mozilla engineering teams. Continuously, we are focused on four top-level activities:

  • Implement and Deploy
  • Consult on Architecture and Design
  • Research new Ideas
  • Evangelize what we do

For more details, check out our strategy and 2015 Q2 Goals.

Major Efforts

Add-on signing Daniel Veditz
Application Reputation Francois Marier
Content Security Policy Christoph Kerschbaumer
Error Reporting Mark Goodwin
Meta Referrer
Mixed Content Blocking Tanvi Vyas
OneCRL Mark Goodwin
Password Manager Tanvi Vyas
Revamp of Security Hooks Christoph Kerschbaumer
Safe Browsing Francois Marier
Sub-resource Integrity Francois Marier
Tor bugs Dave Huseby
Tracking Protection Francois Marier

How to participate

Discuss: We hang out on #security on, and our primary mailing list is

Follow our work: To see our current progress against features please see the Mozilla Security Blog.

Do some reviews:

Contribute: Wanna pitch in, maybe do a project? Check out SecurityEngineering/Projects or the good first bugs list and if one interests you, contact us!

Experimental Things

We have a few feature proposals for things we might want to add to Firefox but that aren't currently scheduled:

From time to time we make add-ons to try out experimental features. Here are a few; let us know what you think!

Security Bugs

If you've found a security bug please see