| Line 1: |
Line 1: |
| = Security Review Pre-Work =
| | ;Items to be reviewed: |
| ''Please fill our the short section below prior to the review, and make sure you contact security@mozilla.org to schedule your actual review.''
| |
|
| |
|
| == Overview == | | == Introduce Feature (5-10 minutes) [can be answered ahead of time to save meeting time]== |
| ''Describe the goals and objectives of the feature here. What needs or problems does it address?''
| | === Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)=== |
|
| |
|
| ;Background links
| | === What solutions/approaches were considered other than the proposed solution?=== |
| * feature-tracking bug links
| |
| * public specifications (RFC's, W3C specs, IETF Drafts, etc)
| |
| * design docs or internal specifications
| |
| * data flow or entity relation diagrams
| |
| * links to other implementations of the feature
| |
|
| |
|
| == Threats == | | === Why was this solution chosen?=== |
| ''Please list the top 3 security threats you have considered during the design and implementation of this feature.'' Consider attack points as well as code that feels fragile.
| |
|
| |
|
| * Threat 1
| | == Any security threats already considered in the design and why?=== |
| * Threat 2
| |
| * Threat 3
| |
|
| |
|
| What mitigations have you implemented?
| |
|
| |
|
| = Topics To Discuss During The Review = | | == Threat Brainstorming (30-40 minutes)== |
| ''Please be prepared to discuss the topics listed at [[Security/ReviewTopics|ReviewTopics]] as they relate to your feature / project. Optionally, you may copy the most relevant questions here and answer them before the review, which could speed up the review meeting.''
| |
|
| |
|
| = Review comments = | | == Conclusions / Action Items (10-20 minutes)== |
| ''Notes and bug numbers will be recorded here. Let's try not to spend too much time on any one topic during the meeting.''
| |
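Review bot: the new-revision heading "== Any security threats already considered in the design and why?===" has unbalanced markers: it opens with two equals signs and closes with three. Its siblings under "Introduce Feature" ("Goal of Feature", "What solutions/approaches were considered", "Why was this solution chosen?") are all level-3 headings, so this one should also open with "===". As written it will not render as a subsection at the same level as the others. Separately, the old revision's "Threats" section asked for the top 3 threats and for the mitigations implemented. The replacement heading asks only which threats were considered and why, so consider keeping an explicit prompt for mitigations in the pre-work.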