Security/B2G/Contribute: Difference between revisions
(add security features list) |
m (adding some resources) |
||
| (7 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
= How to contribute to Firefox OS Security = | = How to contribute to Firefox OS Security = | ||
If you are willing to help making Firefox OS safer for users, there | If you are willing to help making Firefox OS safer for users, there are several ways to contribute: | ||
== Implementing OS features == | == Implementing OS features == | ||
| Line 10: | Line 10: | ||
(This list is to be validated and improved by adding a first good bugs section) | (This list is to be validated and improved by adding a first good bugs section) | ||
=====Improved privacy===== | |||
<bugzilla>{ | |||
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | |||
"id": ["1033580", "1081731", "1085240"], | |||
"include_fields": "id, summary, status, assigned_to" | |||
}</bugzilla> | |||
* Encrypted messaging | * Encrypted messaging | ||
* UI for controlling VPN settings (VPN) | |||
* VPN configuration importing | |||
=====Browser security features===== | |||
<bugzilla>{ | |||
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | |||
"id": ["769183", "919807", "1055426"], | |||
"include_fields": "id, summary, status, assigned_to" | |||
}</bugzilla> | |||
=====Platform Security features===== | |||
<bugzilla>{ | |||
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | |||
"id": ["845191", "877541", "769183", "909498", "947897", "773117", "777948", "930258"], | |||
"include_fields": "id, summary, status, assigned_to" | |||
}</bugzilla> | |||
* | * [https://wiki.mozilla.org/Security/Sandbox Documentation about sandboxing] | ||
=====Improved permission management===== | |||
<bugzilla>{ | |||
"status": ["NEW", "UNCONFIRMED", "ASSIGNED", "REOPENED"], | |||
"id": ["961350", "910222", "943818", "967845", "970599", "1040348", "1055469", "940389"], | |||
"include_fields": "id, summary, status, assigned_to" | |||
}</bugzilla> | |||
* Global permission control for all apps and services | * Global permission control for all apps and services | ||
* Per permission view for permissions (e.g. which apps have access to my contacts) | * Per permission view for permissions (e.g. which apps have access to my contacts) | ||
| Line 41: | Line 46: | ||
=== Good practices for contributing === | === Good practices for contributing === | ||
For your contribution work to be successful, it is essential you | For your contribution work to be successful, it is essential you follow some good practices: | ||
'''Get in touch with us early''' | '''Get in touch with us early''' | ||
Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually | Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually involves important designing decisions which have to be worked on with several teams: platform, Gaia, UX, security. It is also the perfect way to know if other people are working on similar or related features. | ||
You can start by contacting us, we will help you get in touch with the right people: | You can start by contacting us, we will help you get in touch with the right people: | ||
* IRC channel #FxOSSec on irc.mozilla.org | * IRC channel #FxOSSec on irc.mozilla.org | ||
| Line 65: | Line 70: | ||
You can help improving the Firefox OS apps ecosystem by writing or porting security-related apps on Firefox OS. | You can help improving the Firefox OS apps ecosystem by writing or porting security-related apps on Firefox OS. | ||
This [https://herdir.nohost.me/pad/p/appsreview etherpad] tracks the apps known to be currently available on the Marketplace. | This [https://herdir.nohost.me/pad/p/appsreview etherpad] tracks the apps known to be currently available on the Marketplace. | ||
TO BE ADDED: list of apps to be ported on Firefox OS | |||
== Doing security reviews == | == Doing security reviews == | ||
| Line 81: | Line 89: | ||
* [https://wiki.mozilla.org/Marketplace/Reviewers/Apps/Guide/SecReviewTraining Security review training for app reviewer] | * [https://wiki.mozilla.org/Marketplace/Reviewers/Apps/Guide/SecReviewTraining Security review training for app reviewer] | ||
* [https://developer.mozilla.org/en-US/Apps/Security_guidelines Security guidelines for app developers and reviewer] | * [https://developer.mozilla.org/en-US/Apps/Security_guidelines Security guidelines for app developers and reviewer] | ||
To review an app installed from the Marketplace when you don't have direct access to the source code repository, you can use the DevTools in Firefox (depending on the version, [https://developer.mozilla.org/en-US/docs/Tools/WebIDE WebIDE] or the [https://developer.mozilla.org/en-US/Firefox_OS/Using_the_App_Manager App Manager]): | |||
* install the app (on the [https://developer.mozilla.org/en-US/docs/Tools/Firefox_OS_Simulator simulator] or on a real device) | |||
* then use the DevTools to debug it and have access to the source code | |||
=== How to report a security issue: === | === How to report a security issue: === | ||
| Line 96: | Line 108: | ||
For more information about how to provide translation for MDN pages, you can consult [https://developer.mozilla.org/en-US/docs/MDN/Contribute/Localize/Translating_pages these guidelines]. | For more information about how to provide translation for MDN pages, you can consult [https://developer.mozilla.org/en-US/docs/MDN/Contribute/Localize/Translating_pages these guidelines]. | ||
== Learning resources == | |||
=== JavaScript === | |||
* Learning by reading: | |||
** [https://github.com/getify/You-Dont-Know-JS#titles You don't know JS] | |||
** [https://developer.mozilla.org/en-US/docs/Web/JavaScript JavaScript documentation and guides on MDN] | |||
* Learning by doing: | |||
** [https://www.codeschool.com/courses/javascript-road-trip-part-1 JavaScript Road Trip pt 1 on Code School] | |||
** [http://ejohn.org/apps/learn/ Learning Advanced JavaScript] | |||
** [https://webmaker.org/en-US/resources/literacy/weblit-CodingScripting WebMaker resources on JavaScript] | |||
** [http://nodeschool.io/ nodeschool.io] | |||
Latest revision as of 19:48, 9 December 2014
How to contribute to Firefox OS Security
If you are willing to help making Firefox OS safer for users, there are several ways to contribute:
Implementing OS features
The Firefox Os Security team is tracking a list of security-related features to be explored or implemented.
Security features list
(This list is to be validated and improved by adding a first good bugs section)
Improved privacy
| ID | Summary | Status | Assigned to |
|---|---|---|---|
| 1033580 | openvpn support | NEW |
1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);
- Encrypted messaging
- UI for controlling VPN settings (VPN)
- VPN configuration importing
Browser security features
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Platform Security features
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Improved permission management
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
- Global permission control for all apps and services
- Per permission view for permissions (e.g. which apps have access to my contacts)
- Security app center
Good practices for contributing
For your contribution work to be successful, it is essential you follow some good practices:
Get in touch with us early
Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually involves important designing decisions which have to be worked on with several teams: platform, Gaia, UX, security. It is also the perfect way to know if other people are working on similar or related features. You can start by contacting us, we will help you get in touch with the right people:
- IRC channel #FxOSSec on irc.mozilla.org
- The ffos-secure@mozilla.org public mailing list is a good place to start discussing about security in the Firefox OS ecosystem.
You can also start a discussion:
Learn how to use Bugzilla
You'll find plenty of useful resources on MDN, especially about how to submit a patch.
Ask for feedback early
It is recommended you ask for feedback early, if possible as soon as you have a working prototype (you can use the "feedback" tag on Bugzilla). This will enable you to make sure everybody (UX, OS, security people) is aware and agrees on the direction you're taking with your implementation, and you'll possibly receive good advice for the remaining implementation work.
Writing security web apps
You can help improving the Firefox OS apps ecosystem by writing or porting security-related apps on Firefox OS.
This etherpad tracks the apps known to be currently available on the Marketplace.
TO BE ADDED: list of apps to be ported on Firefox OS
Doing security reviews
Firefox OS reviews
The security team regularly reviews new features in Firefox OS:
- Gaia (TODO)
- Gecko/Gonk (TODO)
Apps reviews
Security-related apps on the Marketplace are obviously sensitive, so the more reviewers have a look at it, the better it is:
Review guidelines for web apps
To review an app installed from the Marketplace when you don't have direct access to the source code repository, you can use the DevTools in Firefox (depending on the version, WebIDE or the App Manager):
- install the app (on the simulator or on a real device)
- then use the DevTools to debug it and have access to the source code
How to report a security issue:
- on Firefox OS
- on the Marketplace: contact the app developer
Translating security documentation on MDN
You can help us reaching a wider audience of developers and reviewers by translating Firefox OS security documentation in several languages:
- Firefox OS security model
- Security guidelines for app developers and reviewer
- App permissions
- App reviewers security training
- ...
For more information about how to provide translation for MDN pages, you can consult these guidelines.
Learning resources
JavaScript
- Learning by reading:
- Learning by doing: