How to contribute to Firefox OS Security
If you are willing to help making Firefox OS safer for users, there are are several ways to contribute:
Implementing OS features
The Firefox Os Security team is tracking a list of security-related features. These are first good bugs to start with: (TODO)
Good practices for contributing
For your contribution work to be successful, it is essential you follows some good practices:
Get in touch with us early
Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually involve important designing decisions which has to be worked on with several teams: platform, Gaia, UX, security. You can start by contacting us, we will help you get in touch with the right people:
- IRC channel #FxOSSec on irc.mozilla.org
- The ffos-secure@mozilla.org public mailing list is a good place to start discussing about security in the Firefox OS ecosystem.
You can also start a discussion:
Writing security web apps
You can help improving the Firefox OS apps ecosystem by writing or porting security-related apps on Firefox OS. This etherpad tracks the apps known to be currently available on the Marketplace.
Doing security reviews
Firefox OS reviews
The security team regularly reviews new features in Firefox OS:
- Gaia (TODO)
- Gecko/Gonk (TODO)
Apps reviews
Security-related apps on the Marketplace are obviously sensitive, so the more reviewers have a look at it, the better it is:
Review guidelines for web apps
How to report a security issue:
- on Firefox OS
- on the Marketplace: contact the app developer
Translating security documentation on MDN
You can help us reaching a wider audience of developers and reviewers by translating Firefox OS security documentation in several languages:
- Firefox OS security model
- Security guidelines for app developers and reviewer
- App permissions
- App reviewers security training
- ...
For more information about how to provide translation for MDN pages, you can consult these guidelines.