canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Champions: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
|||
| Line 1: | Line 1: | ||
== Security Champions == | == Security Champions == | ||
* Security Champions are active members of a team that make help to make decisions about when to engage the Security Team | |||
* Act as the "voice" of security for the given product or team | |||
* Assist in the triage of security bugs for their team or area | |||
=== | === Expectations === | ||
* Participate in the security champions mailing list & | |||
* Attend one of 2 monthly meetings | |||
* | ** Either the 2nd (AM PST) or 4th (PM PST) Tuesday of the month | ||
* | * Assist in making security decisions for their team | ||
* | ** Low-Moderate security impact | ||
*** Empowered to make decisions | |||
* | *** Document decisions made in bugs or wiki | ||
* | ** High-Critical security impact | ||
* | ** Engage SA team for current review process | ||
* | ** Can always engage using sec-review ? flag on any bug | ||
* | |||
* | |||
* | |||
* | |||
* | |||
** | |||
** | |||
** | |||
== Security Champions == | === List of Security Champions === | ||
{| class="wikitable" | {| class="wikitable" | ||
| Line 70: | Line 53: | ||
|- | |- | ||
|} | |} | ||
=== How to Become a Security Champion === | |||
# Review the information above to ensure you understand it | |||
# Discuss with your team/area to so they know you intend to take on this role | |||
# send email to curtisk with your name and area you wish to be a champion for | |||
=Other Types of Security Contributors= | |||
=== Contributor === | |||
* Regular contributor with an interest in security | |||
* Participates in security review activities appropriate with skill level | |||
* participates in public security discussions and IRC channel (#security) | |||
=== Security Contributor (Bug Bounty Reporters/Patch submitters) === | |||
* All activities associated with a contributor | |||
* Contributes security documentation and/or other related content [1] | |||
* Files security bugs (may or may not be pursuing bounties) | |||
* Submits patches for or reviews patches security bugs | |||
* Access to non-self security-sensitive bugs on an as needed basis | |||
=== Security Mentors === | |||
* Security Champions for Domains - an expert on a certain domain of security such as cryptography, javascript, memory models, fuzzing, etc | |||
* willing to mentor those that have questions or need guidance in a more general way | |||
=== Security Group === | |||
** Governed by "Mozilla Security Group Membership Policy" https://www.mozilla.org/projects/security/membership-policy.html | |||
** Member of security group; has visibility into security bugs, and responsibilities to help address those concerns | |||
** Should be able to speak with authority and drive action within the Mozilla Community to address areas of security concern and act as an escalation path for Security Champions and Security Mentors | |||
** May also act as Security Contributor, Security Champion or Security Mentor depending on individual impetus | |||
[1] Related content may include but is not limited to: Brown Bags, Conference Talks, MDN documentation, Security Review Documentation, Foundational Security Documents (Flow Diagrams, Threat Models, etc), Security Tool contributions, Vulnerability Defence Documentation | |||