Thunderbird/Security: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(→‎Security Software Engineering: Add Security Component section)
m (→‎Security Component: prose improvement)
Line 23: Line 23:


=== Security Component ===
=== Security Component ===
Issues and features relating to the security-feature aspects of Thunderbird can be found on Bugzilla here: [https://bugzilla.mozilla.org/buglist.cgi?product=Thunderbird&component=Security Bugzilla Security Component Page]
Issues and suggestions relating to the security-feature aspects of Thunderbird can be found on Bugzilla here: [https://bugzilla.mozilla.org/buglist.cgi?product=Thunderbird&component=Security Bugzilla Security Component Page]


The trend of open bugs in the security component can be found here: [https://bugzilla.mozilla.org/chart.cgi?category=Thunderbird&subcategory=Security&name=759&label0=All+Open&line0=759&datefrom=1%2F1%2F2012&dateto=6%2F29%2F2018&action-wrap=Chart+This+List Bugzilla Charts Link]
The trend of open bugs in the security component can be found here: [https://bugzilla.mozilla.org/chart.cgi?category=Thunderbird&subcategory=Security&name=759&label0=All+Open&line0=759&datefrom=1%2F1%2F2012&dateto=6%2F29%2F2018&action-wrap=Chart+This+List Bugzilla Charts Link]


[[File:Securitytrend.png|frameless|left|Trend of open security issues from Jan 2012 to June 2018]]
[[File:Securitytrend.png|frameless|left|Trend of open security issues from Jan 2012 to June 2018]]

Revision as of 19:18, 29 June 2018

(Note: This page is an active work in progress)

Introduction

Thunderbird cares very strongly about the security and privacy of its users. To this end, there are various security-related activities maintained by the community that this page attempts to document.

There are two main aspects to security-related work:

  1. Security Engineering
    1. Designing Thunderbird to prevent vulnerabilities.
    2. Analyzing risk (and then mitigating it) by performing threat analysis and risk assessment.
    3. Finding vulnerabilities in Thunderbird.
    4. Vulnerability management and incident response activities.
  2. Security Software Engineering
    1. Maintaining/building security-related code (the Security component)
    2. Including strong security standards and technologies when appropriate.
    3. Building/researching new security-related features to improve the security of our users.

Security Engineering

Write me.

Security Software Engineering

Security software engineering refers to software engineering related to security, rather than the security engineering discipline itself. This section describes various activities in that area:

Security Component

Issues and suggestions relating to the security-feature aspects of Thunderbird can be found on Bugzilla here: Bugzilla Security Component Page

The trend of open bugs in the security component can be found here: Bugzilla Charts Link

Trend of open security issues from Jan 2012 to June 2018
Retrieved from "https://wiki.mozilla.org/index.php?title=Thunderbird/Security&oldid=1196472"