Security: Difference between revisions

← Older edit

Security (view source)

Revision as of 23:03, 12 March 2021

135 bytes removed , 12 March 2021

Update link to Guidelines

Gene wood

Confirmed users

112

edits

@@ Line 1: / Line 1: @@
   “Individuals’ security and privacy on the Internet are
   fundamental and must not be treated as optional.”
     - [http://www.mozilla.org/en-US/about/manifesto/ Mozilla Manifesto Principle 4]
@@ Line 5: / Line 5: @@
 '''The Mozilla Security community provides leadership in security by building security features, testing software and systems, and leading industry standards to ensure that individuals retain the ability to make meaningful choices about security and privacy on the Internet. '''
-This page documents the security-related activities where Mozilla active, and how to join us.
+This page documents the security-related activities for Mozilla and how to join us.
 __TOC__
@@ Line 17: / Line 17: @@
 === Who are we? ===
 Security at Mozilla is distributed among the following teams:
-* [[SecurityEngineering|Security Engineering]]: Development of Firefox & underlying platform security features.
+* [[SecurityEngineering|Security Engineering]] makes users of Firefox safer on the Internet.
-* [[Security/InfoSec|Enterprise Information Security]]: Defines and operates security controls across the organization.
+* [[Security/FoxSec|Security Operations]] protects the product infrastructure and builds security services.
-* [[Security/CloudSec|Cloud Services Security]]: Securing core Firefox services.
+* Firefox Fuzzing finds vulnerabilities in Firefox.
+* [[Security/InfoSec|Security Assurance]] leads incident response, product security strategy, and risk management.
 === Contacting Us ===
@@ Line 27: / Line 28: @@
 ** dev-security@lists.mozilla.org: this is the best place to ask security questions that don't need to be private. You might also try searching this list for answers to your questions
 ** You can also find us on a number of security related mailing lists including W3C WebAppSec
-* Via Mozilla [[IRC]]
+* Via the [https://matrix.to/#/!xSFwJMLGSLXLaSUrHr:mozilla.org?via=mozilla.org&via=matrix.org #security] channel on Mozilla's [[Matrix]] instance.
-** #security - general security discussions
-** #contentsecurity - browser security engineering, DOM, CSP, Origins, content blocking etc
-** #infosec - general infosec discussions
-* Join our [[security/meetings]] public meetings
-* Attend a [[Security/Talks | Security Talk]] given by one of the security team
+'''Need a security review for Firefox feature/change? See [[Security/Testing]].'''
 == Information for developers ==
 ===Security Bug Processes ===
+* [[Security/Firefox_security_bug_fixing|Guidelines for fixing a core-security bug in Firefox]]
 * [[Security/Bug_Approval_Process|Approval for Landing Security Bugs]]
 * [[Security/Web_Bug_Rotation|Web Bug Verification Rotation]]
+* [[Security/Firefox/Security_Bug_Triage_Process|Security Bug Triage Process]]
-===Request a Security or Privacy Review ===
+* [[Security/Firefox/Security_Bug_Life_Cycle|Security Bug Life Cycle]]
-* Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
-* We'll create and link the corresponding wiki page within the [[Security/Radar|Security Radar]]
-* [[Security/Reviews/Review Request Form | Security & Privacy Review Request Form]]
 == Contributing to the security of Mozilla products ==
@@ Line 57: / Line 51: @@
 * Test Firefox or Mozilla Websites as part of our bug bounty programs
 === Community ===
 * Test & provide feedback on new security features
 * Improve security documentation
@@ Line 66: / Line 60: @@
 * [[CA|Mozilla CA Root Program]]
 * [http://blog.mozilla.com/security Mozilla Security blog]
-* [[Security/Guidelines/|Security Guidelines]]
+* [https://infosec.mozilla.org/guidelines/ Security/Guidelines/]