* language: english
Risk management methodologies are numerous, but often regarded by individuals outside of the security community as dull and boring. The goal of this project is to design a way to teach the Mozilla Risk Management program to individuals at Mozilla. This could take the form of a strategy game, or anything that the students think is appropriate. This project has a strong component of creativity, but must also take into account some of the particularities of Mozilla: people are technically minded, work remotely often on video, and care a lot about security and privacy. A successful training program should teach the individual the entire lifecycle of data at Mozilla.
==== An online threat modelling tool ====
* mentor: TBD
* difficulty: medium
* language: english
Threat modelling is an important part of designing an application, and a threat model diagram is a very useful way to document the threats that apply to your application.
Unfortunately there are a very limited number of thread modelling tools available, and most of those are restricted to specific platforms.
This project is to create an online HTML5 application which will allow the user to easily create threat model diagrams online.
It should be very easy to use, and allow the diagrams to be exported in the most common image formats.
The graphical elements of the [https://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx Microsoft Threat Modeling tool] are a good example of the type of functionality required.