Security: Difference between revisions

Security (view source)

Revision as of 02:28, 29 July 2016

2,378 bytes removed , 29 July 2016

Clean up of the security landing page.

Ptheriault

canmove, Confirmed users

1,220

edits

@@ Line 9: / Line 9: @@
 __TOC__
-=== Security-related bugs  ===
+== Reporting Security Issues ==
-* [[Security Severity Ratings]]
+Mozilla relies on the security community to help secure our products and websites by reporting security issues. Our preference is to receive bug reports via our bug tracking system Bugzilla, however [https://www.mozilla.org/security/#For_Developers emailing security@mozilla.org ] (preferably encrypted) is also an option.
-* [http://www.mozilla.org/security/#For_Developers How to report a security issue]
-* [[Security/FixMe|Want to fix a security bug? Here is a list of old thorny bugs you can take on.]]
-===Engaging with Security===
+Details on the way we classify security bugs can be [[Security Severity Ratings|found here]].
-====How To Find Us====
-Lots of options, we're here to help:
+== Security at Mozilla ==
-* [mailto:Security@mozilla.org Security@mozilla.org] - email us any questions, concerns, etc. Please submit bugs through [https://bugzilla.mozilla.org/], not email.
+=== Who are we? ===
-* '''#security''' on [https://wiki.mozilla.org/IRC IRC]
+Security at Mozilla is distributed among the following teams:
-* File a security/privacy review request via this [https://wiki.mozilla.org/Security/Reviews/Review_Request_Form link]
+* [[SecurityEngineering|Security Engineering]]: Development of Firefox & underlying platform security features.
+* [[Security/InfoSec|Enterprise Information Security]]: Defines and operates security controls across the organization.
+* [[Security/CloudSec|Cloud Services Security]]: Securing core Firefox services.
+=== Contacting Us ===
+The Mozilla security team is available via a number of channels:
+* Via email
+** security@mozilla.org: to contact us privately or [https://www.mozilla.org/security/#For_Developers reporting security bugs]
+** dev-security@lists.mozilla.org: this is the best place to ask security questions that don't need to be private. You might also try searching this list for answers to your questions
+** You can also find us on a number of security related mailing lists including W3C WebAppSec
+* Via Mozilla [[IRC]]
+** #security - general security discussions
+** #contentsecurity - browser security engineering, DOM, CSP, Origins, content blocking etc
+** #infosec - general infosec discussions
+* Join our [[security/meetings]] public meetings
 * Attend a [[Security/Talks | Security Talk]] given by one of the security team
-====Security reviews for new features/products/applications====
-''Main Article: [[Security/Reviews]]''
+== Information for developers ==
-* Find past reviews by [https://wiki.mozilla.org/Category:SecReview Category:SecReview]
+===Security Bug Processes ===
-====The Mozilla Secure Development Lifecycle ====
-* Understand the [[Security/Reviews/Secure Development Lifecycle | Secure Development Lifecycle]] used to secure our new features/products/applications
-* Information on Bugzilla and the [[Security/Reviews/Bugzilla Components| Security Assurance Component]]
-====Security Bug Processes ====
 * [[Security/Bug_Approval_Process|Approval for Landing Security Bugs]]
 * [[Security/Web_Bug_Rotation|Web Bug Verification Rotation]]
-====Request a Security or Privacy Review ====
+===Request a Security or Privacy Review ===
 * Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
 * We'll create and link the corresponding wiki page within the [[Security/Radar|Security Radar]]
 * [[Security/Reviews/Review Request Form | Security & Privacy Review Request Form]]
-===Security Feature Development===
-We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the [[SecurityEngineering]] page for more info!
-==== Mozilla Official Sites ====
+== Contributing to the security of Mozilla products ==
+There are a range of ways to contribute to security engineering at Mozilla.
+=== Developers ===
+* Implement security features
+* Fix outstanding security bugs
+* Contribute to security feature development
+=== Security Testers ===
+* Test Firefox or Mozilla Websites as part of our bug bounty programs
+=== Community ===
+* Test & provide feedback on new security features
+* Improve security documentation
+== Mozilla Official Sites ==
 * [http://www.mozilla.org/security Mozilla Security Center]
 * [http://developer.mozilla.org/en/Security Mozilla security developer docs]
 * [[CA|Mozilla CA Root Program]]
 * [http://blog.mozilla.com/security Mozilla Security blog]
-* [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines Secure Coding Guidelines for Webapps]
+* [[Security/Guidelines/|Security Guidelines]]
-==== Personal Security Related Blogs of Mozillians ====
-* [http://blog.mozilla.com/ladamski Lucas Adamski's blog]
-* [http://blog.sidstamm.com Sid Stamm's blog]
-* [https://spartiates.wordpress.com/ Curtis Koenig's blog]
-* [http://www.squarefree.com/ Jesse Ruderman's blog] ([http://www.squarefree.com/categories/fuzzing/ fuzzing entries], [http://www.squarefree.com/categories/security/ security entries])
-* [http://blog.mozilla.com/imelven Ian Melven's Mozilla/Security blog]
-* [http://blog.mozilla.com/decoder Christian Holler's blog (decoder)]
-* [https://www.insecure.ws/ Guillaume Destuynder's blog (kang)]
-* [https://jve.linuxwall.info/blog/ Julien Vehent's blog (ulfr)]
-* [https://log.nusec.eu/ Michal Purzynski's blog (michal`)]
-* [https://adammuntner.wordpress.com/ Adam Muntner's blog (adamm)]
-* [https://claudijd.github.io/ Jonathan Claudius' blog (claudijd)]
-==== Twitter Accounts of Security Mozillians ====
-* [https://twitter.com/mozsec Mozilla Security]
-* [https://twitter.com/mozwebsec Mozilla Web Security]
-* [https://twitter.com/jruderman Jesse Ruderman]
-* [https://twitter.com/dveditz Daniel Veditz]
-* [https://twitter.com/gh_rooster Raymond Forbes]
-* [https://twitter.com/openbuddha Al Billings] (but mostly Buddhist and Hackerspace tweets)
-* [https://twitter.com/kangsterizer Guillaume Destuynder]
-* [https://twitter.com/nth10sd Gary Kwong] (all sorts of stuff)
-* [https://twitter.com/mozdeco Christian Holler (decoder)]
-* [https://twitter.com/tanvihacks Tanvi Vyas]
-* [https://twitter.com/psiinon Simon Bennetts (psiinon)]
-* [https://twitter.com/0x7eff Jeff Bryner (jeff)]
-* [https://twitter.com/jvehent Julien Vehent (ulfr)]
-* [https://twitter.com/gene_wood Gene Wood (gene)]
-* [https://twitter.com/michalpurzynski Michal Purzynski (michal`)]
-* [https://twitter.com/adammuntner Adam Muntner (adamm)]
-* [https://twitter.com/claudijd Jonathan Claudius (claudijd)]
-===== Former members, still Mozillians =====
-* [https://twitter.com/curtisko Curtis Koenig]
-* [https://twitter.com/securitae Lucas Adamski]
-* [https://twitter.com/alexanderfowler Alex Fowler]
-* [https://twitter.com/imelven Ian Melven]
-* [https://twitter.com/ygjb Yvan Boily]
-* [https://twitter.com/jstevensen Joe Stevensen]
-==== OWASP Projects and chapters ====
-The Mozilla Security team is heavily involved with [https://www.owasp.org/ OWASP]:
-* [https://www.owasp.org/index.php/User:Mark_Goodwin Mark Goodwin] - [https://www.owasp.org/index.php/East_Midlands East Midlands] Chapter leader
-* Raymond Forbes - [https://www.owasp.org/index.php/Seattle Seattle] Chapter leader
-* [https://www.owasp.org/index.php/User:Simon_Bennetts Simon Bennetts] - [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP] and [https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project VWAD] Project leader and [https://www.owasp.org/index.php/Manchester Manchester] Chapter leader
-==== Non-Mozilla Resources (blogs, news sites, twitter, tools) ====
-* [[Security/OtherSecurityResources| Other Security Resources]]

Security: Difference between revisions

Security (view source)

Revision as of 02:28, 29 July 2016

Navigation menu

Search