Security

2,378 bytes removed, 02:28, 29 July 2016
Clean up of the security landing page.
__TOC__
== Reporting Security Issues ==
Mozilla relies on the security community to help secure our products and websites by reporting security issues. Our preference is to receive bug reports via our bug tracking system Bugzilla, however [https://www.mozilla.org/security/#For_Developers emailing security@mozilla.org] (preferably encrypted) is also an option.

Details on the way we classify security bugs can be [[Security Severity Ratings|found here]].
* [[Security Severity Ratings]]
* [http://www.mozilla.org/security/#For_Developers How to report a security issue]
* [[Security/FixMe|Want to fix a security bug? Here is a list of old thorny bugs you can take on.]]

== Security at Mozilla ==
=== Who are we? ===
Security at Mozilla is distributed among the following teams:
* [[SecurityEngineering|Security Engineering]]: Development of Firefox & underlying platform security features.
* [[Security/InfoSec|Enterprise Information Security]]: Defines and operates security controls across the organization.
* [[Security/CloudSec|Cloud Services Security]]: Securing core Firefox services.

=== Contacting Us ===
The Mozilla security team is available via a number of channels:
* Via email
** security@mozilla.org : to contact us privately or [https://www.mozilla.org/security/#For_Developers reporting security bugs]
** dev-security@lists.mozilla.org : this is the best place to ask security questions that don't need to be private. You might also try searching this list for answers to your questions
** You can also find us on a number of security related mailing lists including W3C WebAppSec
* Via Mozilla [[IRC]]
** #security - general security discussions
** #contentsecurity - browser security engineering, DOM, CSP, Origins, content blocking etc
** #infosec - general infosec discussions
* File a security/privacy review request via this [https://wiki.mozilla.org/Security/Reviews/Review_Request_Form link]
* Join our [[security/meetings]]public meetings
* Attend a [[Security/Talks | Security Talk]] given by one of the security team

== Information for developers ==
====Security reviews for new features/products/applications====
''Main Article: [[Security/Reviews]]''
* Find past reviews by [https://wiki.mozilla.org/Category:SecReview Category:SecReview]
====The Mozilla Secure Development Lifecycle ====
* Understand the [[Security/Reviews/Secure Development Lifecycle | Secure Development Lifecycle]] used to secure our new features/products/applications
* Information on Bugzilla and the [[Security/Reviews/Bugzilla Components| Security Assurance Component]]
====Security Bug Processes ====
* [[Security/Bug_Approval_Process|Approval for Landing Security Bugs]]
* [[Security/Web_Bug_Rotation|Web Bug Verification Rotation]]
====Request a Security or Privacy Review ====
* Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
* We'll create and link the corresponding wiki page within the [[Security/Radar|Security Radar]]
* [[Security/Reviews/Review Request Form | Security & Privacy Review Request Form]]
===Security Feature Development===
We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the [[SecurityEngineering]] page for more info!

==Contributing to the security of Mozilla products ==
There are a range of ways to contribute to security engineering at Mozilla.

=== Developers ===
* Implement security features
* Fix outstanding security bugs
* Contribute to security feature development

=== Security Testers ===
* Test Firefox or Mozilla Websites as part of our bug bounty programs

=== Community ===
* Test & provide feedback on new security features
* Improve security documentation

== Mozilla Official Sites ==
* [http://www.mozilla.org/security Mozilla Security Center]
* [http://developer.mozilla.org/en/Security Mozilla security developer docs]
* [[CA|Mozilla CA Root Program]]
* [http://blog.mozilla.com/security Mozilla Security blog]
* [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines Secure Coding Guidelines for Webapps]

==== Personal Security Related Blogs of Mozillians ====
* [http://blog.mozilla.com/ladamski Lucas Adamski's blog]
* [http://blog.sidstamm.com Sid Stamm's blog]
* [https://spartiates.wordpress.com/ Curtis Koenig's blog]
* [http://www.squarefree.com/ Jesse Ruderman's blog] ([http://www.squarefree.com/categories/fuzzing/ fuzzing entries], [http://www.squarefree.com/categories/security/ security entries])
* [http://blog.mozilla.com/imelven Ian Melven's Mozilla/Security blog]
* [http://blog.mozilla.com/decoder Christian Holler's blog (decoder)]
* [https://www.insecure.ws/ Guillaume Destuynder's blog (kang)]
* [https://jve.linuxwall.info/blog/ Julien Vehent's blog (ulfr)]
* [https://log.nusec.eu/ Michal Purzynski's blog (michal`)]
* [https://adammuntner.wordpress.com/ Adam Muntner's blog (adamm)]
* [https://claudijd.github.io/ Jonathan Claudius' blog (claudijd)]

==== Twitter Accounts of Security Mozillians ====
* [https://twitter.com/mozsec Mozilla Security]
* [https://twitter.com/mozwebsec Mozilla Web Security]
* [https://twitter.com/jruderman Jesse Ruderman]
* [https://twitter.com/dveditz Daniel Veditz]
* [https://twitter.com/gh_rooster Raymond Forbes]
* [https://twitter.com/openbuddha Al Billings] (but mostly Buddhist and Hackerspace tweets)
* [https://twitter.com/kangsterizer Guillaume Destuynder]
* [https://twitter.com/nth10sd Gary Kwong] (all sorts of stuff)
* [https://twitter.com/mozdeco Christian Holler (decoder)]
* [https://twitter.com/tanvihacks Tanvi Vyas]
* [https://twitter.com/psiinon Simon Bennetts (psiinon)]
* [https://twitter.com/0x7eff Jeff Bryner (jeff)]
* [https://twitter.com/jvehent Julien Vehent (ulfr)]
* [https://twitter.com/gene_wood Gene Wood (gene)]
* [https://twitter.com/michalpurzynski Michal Purzynski (michal`)]
* [https://twitter.com/adammuntner Adam Muntner (adamm)]
* [https://twitter.com/claudijd Jonathan Claudius (claudijd)]

===== Former members, still Mozillians =====
* [https://twitter.com/curtisko Curtis Koenig]
* [https://twitter.com/securitae Lucas Adamski]
* [https://twitter.com/alexanderfowler Alex Fowler]
* [https://twitter.com/imelven Ian Melven]
* [https://twitter.com/ygjb Yvan Boily]
* [https://twitter.com/jstevensen Joe Stevensen]

==== OWASP Projects and chapters ====
The Mozilla Security team is heavily involved with [https://www.owasp.org/ OWASP]:
* [https://www.owasp.org/index.php/User:Mark_Goodwin Mark Goodwin] - [https://www.owasp.org/index.php/East_Midlands East Midlands] Chapter leader
* Raymond Forbes - [https://www.owasp.org/index.php/Seattle Seattle] Chapter leader
* [https://www.owasp.org/index.php/User:Simon_Bennetts Simon Bennetts] - [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP] and [https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project VWAD] Project leader and [https://www.owasp.org/index.php/Manchester Manchester] Chapter leader

==== Non-Mozilla Resources (blogs, news sites, twitter, tools) ====
* [[Security/OtherSecurityResources| Other Security Resources]]