WebAppSec/Security Review Request
Infrasec Security Review Request
- File a new bug within Bugzilla for the request.
- Block an existing deployment request bug with the infrasec review bug.
- Assign the bug to Product: Mozilla.org and Component: Infrastructure Security: Web Security. Here is a direct Bugzilla link.
- Make sure to copy clyon <at> mozilla.com and mcoates <at> mozilla.com.
- Within the request, please answer the questions below.
Questions to Address within Request Body
Please copy these questions into the bug and answer inline.
- A quick intro to what this app does.
- Where is the source code located?
- Is there a stage server running that we can also test against? If so, please indicate what machine the web server is running on.
- Where would you like the bugs filed in Bugzilla? Please specify the product, component and if anyone specific should be copied on the bugs.
- Please describe whether this app will be connecting to any internal or external services, or whether it is able to interact with the OS.
- Does this app support logins or multiple roles? If so, we'll need test accounts created for each available role.
- What is the worst case scenario that could happen with this system, data or connected systems? (This is used to help understand the criticality of this server.)
- This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
Additional Comments
- The standard lead time on security review requests is a minimum of 4-6 weeks.
- Once the review is started, it takes 1-2 weeks to complete.
- Critical reviews can be expedited. Please contact us directly as soon as possible.
- Using standard frameworks such as Django will decrease the security review time.
- Also reference the secure coding guidelines to self-evaluate and eliminate security issues prior to the security review.