SecurityEngineering: Difference between revisions
(→How to participate: we're not longer doing meeting notes, should we start again?) |
(move proposals to experimental things) |
||
| Line 47: | Line 47: | ||
| Lead: Daniel Veditz | | Lead: Daniel Veditz | ||
|} | |} | ||
==How to participate== | ==How to participate== | ||
| Line 67: | Line 60: | ||
== Experimental Things == | == Experimental Things == | ||
We have a few feature proposals for things we might want to add to Firefox but that aren't currently scheduled: | |||
* [[Security/Contextual_Identity_Project|Contextual Identity]] | |||
* [[Security/Foreign_Certificate_Warning|Foreign Certificate Warning]] | |||
* [[CloudServices/Password_Manager/Master_Password|Master Password]] in the Password Manager | |||
* [[Security/Contextual_Identity_Project/Containers|Containers]], [[Security/Contextual_Identity_Project/Private_Session|private sessions]] and [[Security/Contextual_Identity_Project/User_Profiles|user profiles]] | |||
From time to time we make add-ons to try out experimental features. Here are a few; let us know what you think! | From time to time we make add-ons to try out experimental features. Here are a few; let us know what you think! | ||
* [https://addons.mozilla.org/en-us/firefox/addon/force-tls/ Force-TLS] ([https://code.google.com/p/force-tls/ get the code]) | * [https://addons.mozilla.org/en-us/firefox/addon/force-tls/ Force-TLS] ([https://code.google.com/p/force-tls/ get the code]) | ||
* User CSP | * [https://addons.mozilla.org/en-US/firefox/addon/newusercspdesign/ User CSP] | ||
==Security Bugs== | ==Security Bugs== | ||
If you've found a security bug please see http://www.mozilla.org/security/#For_Developers | If you've found a security bug please see http://www.mozilla.org/security/#For_Developers | ||
Revision as of 04:12, 18 March 2015
We build security and user sovereignty into Firefox. Through this work, we encourage and promote these values on the open web.
We focus hard on ways to improve the privacy and security of all web users, in a Mozilla way that engages the community in our design and implementation decisions. These priorities are reflected in the projects this team manages, public evangelism and participation in relevant standards bodies to maximize adoption of new privacy & security mechanisms.
The open web is powerful; the huge number of people working on web standards and software is astonishing, and the rapid advancement of new businesses and technologies online magnifies the need for advances in mechanisms that enable secure systems and users' control over their presence online.
Who is involved
Security Engineering is led by Richard Barnes and Steve Workman, and mainly driven by Monica Chew, Mark Goodwin, JC Jones, Kamil Jozwiak, David Keeler, Christoph Kerschbaumer, Francois Marier, Bob Owen, Sid Stamm, Daniel Veditz, Tanvi Vyas, Matt Wobensmith and Kathleen Wilson.
How We Work
The Security Engineering team works publicly like other Mozilla engineering teams. Continuously, we are focused on four top-level activities:
- Implement and Deploy
- Consult on Architecture and Design
- Research new Ideas
- Evangelize what we do
For more details, check out our strategy and 2015 Q1 Goals.
Major Efforts
| Tracking Protection | Lead: Monica Chew |
| Safe Browsing and Application Reputation | Lead: Monica Chew |
| Sandboxing | Lead: Bob Owen |
| Mixed Content Blocking | Lead: Tanvi Vyas |
| Security/CSP | Lead: Christoph Kerschbaumer |
| Sub-resource Integrity | Lead: Francois Marier |
| Password Manager | Lead: Tanvi Vyas |
| Add-on signing | Lead: Daniel Veditz |
How to participate
Discuss: We hang out on #security on irc.mozilla.org, and our primary mailing list is mozilla.dev.security. Milestone reviews and other meetings will be announced on mozilla.dev.security.
Follow our work: To see our current progress against features please see the Mozilla Security Blog.
Do some reviews:
- Add "seceng waiting for reviews" to your Bugzilla preferences
- See our SecurityEngineering/CodeReviewGuidelines
Contribute: Wanna pitch in, maybe do a project? Check out SecurityEngineering/Projects or the good first bugs list and if one interests you, contact us!
Experimental Things
We have a few feature proposals for things we might want to add to Firefox but that aren't currently scheduled:
- Contextual Identity
- Foreign Certificate Warning
- Master Password in the Password Manager
- Containers, private sessions and user profiles
From time to time we make add-ons to try out experimental features. Here are a few; let us know what you think!
Security Bugs
If you've found a security bug please see http://www.mozilla.org/security/#For_Developers