Our mission is to design and implement evolutionary and revolutionary features to manifestly improve the privacy and security of all web users, in a Mozilla way that engages the community in our design and implementation decisions. These priorities are reflected in the Privacy and Security roadmaps this team manages, public evangelism and participation in relevant standards bodies to maximize adoption of new privacy & security mechanisms.

Security Engineering is led by Lucas Adamski, who is focused on security features along with Ian Melven and Tanvi Yvas. Sid Stamm is leading the Privacy development efforts, along with Camilo Viecco.

The Security Engineering team works publicly like other Mozilla engineering teams.

Our team is driven by our roadmaps:

• Privacy Roadmap
• Security Roadmap

If something is not on our roadmaps and prioritized as a P1, we aren't working on it. If it should be, please let us know (keeping in mind our resources are finite).

We provide opportunities for the community to contribute at each milestone of a feature's lifecycle. The main milestones for features are:

• Requirements
• Design
• Implementation
• Release

In conjunction with these milestones, many features involve some degree of ongoing evangelism, especially when those features are new proposed API's that require widespread adoption by web developers, server admins and/or browser developers.

We are not always the best team to implement a given privacy or security feature, so another important role we play is to champion privacy and security features throughout the Mozilla organization.

We hang out on #security on irc.mozilla.org, and our primary mailing list is mozilla.dev.security. Milestone reviews and other meetings will be announced on mozilla.dev.security.

For information about participating in our security review process, please see here

If you've found a security bug please see [[1]].

For information regarding our security bug bounty, check out [[2]]