Security/Process/Agile

Revision as of 16:21, 15 November 2013 by Curtisk
Status: Draft
Date: 2013.11.15
ToDo:
* Write the page

Tools

Preclearance criteria

Bugs that need risk review:

  • bugs that are not yet ready for a full appsec/opsec review but need a risk level assigned
    • if a bug does not have a [score= entry in its whiteboard, we assume it falls into this category

Bugs that need architecture review:

  • Bug has a risk rating of medium or higher
  • architecture diagrams are provided by the development team

Bugs ready for code review:

  • bug has had a risk review (i.e. [score=low] in the whiteboard)
  • code is complete and a link to its repository has been provided
  • if necessary, a staging/dev environment that we can test against has been provided for us
  • architecture/data flow or other diagrams appropriate to the risk level identified for the bug have been provided by the development team