Changes


Security

7,610 bytes added, 17:28, 26 March 2012
no edit summary
Welcome to the Mozilla Security wiki.

=== Security-related bugs ===
* [[Security Severity Ratings]]
* [http://www.mozilla.org/security/#For_Developers How to report a security issue]
* [[Security/FixMe|Want to fix a security bug? Here is a list of old thorny bugs you can take on.]]

===Engaging with Security===
====How To Find Us====
Lots of options, we're here to help:
* [mailto:Security@mozilla.org Security@mozilla.org] - email us any questions, concerns, etc
* Bugzilla Keyword - '''sec-review-needed''' - We triage based on this keyword and will jump in to provide assistance
* '''#security''' on [https://wiki.mozilla.org/IRC IRC]
* File a security/privacy review request via this [https://wiki.mozilla.org/Security/Reviews/Review_Request_Form link]

====Security reviews for new features/products/applications====
''Main Article: [[Security/Reviews]]''
* Find past reviews by [https://wiki.mozilla.org/Category:SecReview Category:SecReview]

====The Mozilla Secure Development Lifecycle ====
* Understand the [[Security/Reviews/Secure Development Lifecycle | Secure Development Lifecycle]] used to secure our new features/products/applications
* Information on Bugzilla and the [[Security/Reviews/Bugzilla Components| Security Assurance Component]]

====Request a Security or Privacy Review ====
* Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
* We'll create and link the corresponding wiki page within the [[Security/Radar|Security Radar]]
* [[Security/Reviews/Review Request Form | Security & Privacy Review Request Form]]

====[[Security/Radar|Security Radar]]====

{| class="wikitable collapsible collapsed" style="width: 100%"
! Unlinked Reviews
|-
|
* [[Security/Reviews/Mobile/AndroidSystemStorage| Android System Storage]]
* [[Security/Firefox/WebAPI/WebBattery| WebBattery]]
* [[Security/Reviews/BrowserIDCAPI| BrowserID C API]]
* [[Security/Reviews/crossoriginAttribute|Add crossorigin attribute]]
* [[Security/Reviews/Firefox10/SyncDialogue|Sync Dialogue]]
* [[Security/Reviews/JetPack2011-20/12 | JetPack 2011-10-12]]
* [[Security/Reviews/XHRnonpost| XHR non-post rewrite]]
* [[Security/Reviews/StubInstaller|Stub Installer]]
* [[Labs/Weave/Sync Client Security Review|Sync Client]]
* [[Firefox Sync/Weave 1.3b5 Client Security Review|Weave 1.3b5 Client]]
* [[Security/Reviews/DNSSEC-TLS|DNSSEC-TLS]]
* [[Security/Reviews/OWA-F1|Web Activities & F1]]
* [[Security/Reviews/ReviewNotes/MouseLock|MouseLock]]
* [[Security/Reviews/ReviewNotes/Joystick|Joystick]]
|}

{| class="wikitable collapsible collapsed" style="width: 100%"
! Unlinked Discussions
|-
|
* [[Security/Discussions/WebRTC|WebRTC]]
|}

===Security Feature Development===
''Main article: [[Security/Roadmap]]''

''Main article: [[Privacy/Roadmap]]''

=== Security Initiatives ===
*[[Security/TeamEmbedding]]
*Prioritizing and driving non-App Purchase feature work: [[Security/Driving]]

=== Security Resources and Blogs ===

==== Mozilla Official Sites ====
* [http://www.mozilla.org/security Mozilla Security Center]
* [http://developer.mozilla.org/en/Security Mozilla security developer docs]
* [[CA|Mozilla CA Root Program]]
* [http://blog.mozilla.com/security Mozilla Security blog]
* [http://blog.mozilla.com/webappsec Mozilla WebApp Sec Blog]
* [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines Secure Coding Guidelines for Webapps]

==== Personal Security Related Blogs of Mozillians ====
* [http://blog.mozilla.com/ladamski Lucas Adamski's blog]
* [http://blog.sidstamm.com Sid Stamm's blog]
* [https://spartiates.wordpress.com/ Curtis Koenig's blog]
* [http://www.squarefree.com/ Jesse Ruderman's blog] ([http://www.squarefree.com/categories/fuzzing/ fuzzing entries], [http://www.squarefree.com/categories/security/ security entries])
* [http://michael-coates.blogspot.com/ Michael Coates]
* [http://blog.mozilla.com/imelven Ian Melven's Mozilla/Security blog]
* [http://blog.mozilla.com/decoder Christian Holler's blog (decoder)]

==== Twitter Accounts of Security Mozillians ====
* [https://twitter.com/mozsec Mozilla Security]
* [https://twitter.com/mozwebsec Mozilla Security]
* [https://twitter.com/jruderman Jesse Ruderman]
* [https://twitter.com/curtisko Curtis Koenig] (all kinds of random stuff)
* [https://twitter.com/_mwc Michael Coates]
* [https://twitter.com/flamsmark Tom Lowenthal] (privacy)
* [https://twitter.com/securitae Lucas Adamski]
* [https://twitter.com/alexanderfowler Alex Fowler]
* [https://twitter.com/ygjb Yvan Boily]
* [https://twitter.com/dveditz Daniel Veditz]
* [https://twitter.com/gh_rooster Raymond Forbes]
* [https://twitter.com/openbuddha Al Billings] (but mostly Buddhist and Hackerspace tweets)
* [https://twitter.com/imelven Ian Melven]
* [https://twitter.com/kangsterizer Guillaume Destuynder]
* [https://twitter.com/nth10sd Gary Kwong] (all sorts of stuff)
* [https://twitter.com/mozdeco Christian Holler (decoder)]

==== Non-Mozilla Resources (blogs, news sites, twitter, tools) ====
* [[Security/OtherSecurityResources| Other Security Resources]]

<h3>Stuff that needs to be merged into this page properly</h3>

=== Meeting Notes ===
{| class="wikitable collapsible collapsed" style="width: 100%"
! Meetings
|-
|
* [[Security/Meetings/SecurityAssurance|Security Assurance]]
* [[Security/AppSecBiweekly|AppSec Bi Weekly]]

{| class="wikitable collapsible collapsed" style="width: 100%"
! SecTeam Meetings 2012
|-
|
* [[Security/Meetings/2012-02-01|2012-02-01]]
* [[Security/Meetings/2012-01-25|2012-01-25]]
* [[Security/Meetings/2012-01-18|2012-01-18]]
* [[Security/Meetings/2012-01-11|2012-01-11]]
* [[Security/Meetings/2012-01-04|2012-01-04]]
|}
{| class="wikitable collapsible collapsed" style="width: 100%"
! SecTeam Meetings 2011
|-
|
* [[Security/Meetings/2011-12-28|2011-12-28]]
* [[Security/Meetings/2011-12-21|2011-12-21]]
* [[Security/Meetings/2011-12-07|2011-12-14]]
* [[Security/Meetings/2011-12-07|2011-12-07]]
* [[Security/Meetings/2011-11-30|2011-11-30]]
* [[Security/Meetings/2011-11-23|2011-11-23]]
* [[Security/Meetings/2011-11-16|2011-11-16]]
* [[Security/Meetings/2011-11-09|2011-11-09]]
* [[Security/Meetings/2011-11-02|2011-11-02]]
* [[Security/Meetings/2011-10-26|2011-10-26]]
* [[Security/Meetings/2011-10-19|2011-10-19]]
* [[Security/Meetings/2011-10-12|2011-10-12]]
* [[Security/Meetings/2011-10-05|2011-10-05]]
* [[Security/Meetings/2011-09-28|2011-09-28]]
* No meeting on 9/14 (All Hands) or 9/21 (Fuzzing Work Week)
* [[Security/Meetings/2011-09-07|2011-09-07]]
* [[Security/Meetings/2011-08-31|2011-08-31]]
* [[Security/Meetings/2011-08-24|2011-08-24]]
* [[Security/Meetings/lifecycledisc|Life Cycle discussion]]
* [[Security/Meetings/2011-08-17|2011-08-17]]
* [[Security/Meetings/2011-08-10|2011-08-10]]
* [[Security/Meetings/2011-07-27|2011-07-27]]
* [[Security/Meetings/2011-07-20|2011-07-20]]
* [[Security/Meetings/2011-07-13|2011-07-13]]
* [[Security/Meetings/2011-07-06|2011-07-06]]
* [[Security/Meetings/2011-06-29|2011-06-29]]
* [[Security/Meetings/2011-06-22|2011-06-22]]
* [[Security/Meetings/2011-06-15|2011-06-15]]
* [[Security/Meetings/2011-06-08|2011-06-08]]
* [[Security/Meetings/2011-06-01|2011-06-01]]
|}

{| class="wikitable collapsible collapsed" style="width: 100%"
! Joint Secteam-Infrasec Meetings 2012
|-
|
* [[Security/Meetings/2012-01-12|2012-01-12]]
|}
{| class="wikitable collapsible collapsed" style="width: 100%"
! Joint Secteam-Infrasec Meetings 2011
|-
|
* [[Security/Meetings/2011-12-15|2011-12-15]]
* [[Security/Meetings/2011-11-17|2011-11-17]]
* [[Security/Meetings/2011-10-06|2011-10-06]]
* [[Security/Meetings/2011-09-08|2011-09-08]]
* [[Security/Meetings/2011-08-25|2011-08-25]]
* [[Security/Meetings/2011-08-11|2011-08-11]]
* [[Security/Meetings/2011-07-28|2011-07-28]]
* [[Security/Meetings/2011-06-16|2011-06-16]]
|}
|}