Canmove, confirm
1,220
edits
Changes
no edit summary
= Firefox Security Testing Team =
Securing Firefox through Security Testing, Auditing and Monitoring Email us at security-testing@mozilla.com. What are we working on? See our Trello board. We can help you if you need: - security testing of a feature you have built (or are close to keep Firefox securebuilding) - in-depth security auditing
== Contact ==
To report a security issue in Firefox desktop or mobile, use the client bug bounty form [https://bugzilla.mozilla.org/form.client.bounty here]. = Activities What do we do? =
==Release Security Testing==
Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by:
* Residual risk highlighted by Engineering Security Review process
* Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review)
== Vulnerability management and measurement ==
* Testing of large browser features that span multiple releases (e.g. Web Payments)
* Testing of Firefox security components (e.g. Sandbox testing)
* Testing of areas of known weakness (e.g. components receiving frequent security issues) <bugzilla> { "product": "Firefox"through manual auditing, "component": "Security: Review Requests"static analysis, "whiteboard": "audit", "include_fields": ["id", "summary", "whiteboard", "status", "resolution"], "status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"] }</bugzilla>instrumentation etc)
