Security/B2G: Difference between revisions

From MozillaWiki
(→‎Summary: rm huseby, add tedd, sort alphabetically)
 
(30 intermediate revisions by 3 users not shown)
Line 7: Line 7:
  |-
  |-
  | '''Team Members'''
  | '''Team Members'''
  | [mailto:rfletcher@mozilla.com Rob Fletcher] (irc: omerta), [mailto:freddyb@mozilla.com Frederick Braun] (irc: freddyb), [mailto:cr@mozilla.com Christiane Ruetten] (irc: cr), [mailto:arroway@mozilla.com Stéphanie Ouillon] (irc: arroway)  
  | [mailto:freddyb@mozilla.com Frederik Braun] (irc: freddyb), [mailto:jhector@mozilla.com Julian Hector] (irc: tedd), [mailto:cr@mozilla.com Christiane Ruetten] (irc: cr), [mailto:arroway@mozilla.com Stéphanie Ouillon] (irc: arroway)
  |-
  |-
  | '''References'''
  | '''References'''
  | [https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model Firefox OS Security Model Overview]
  |[[Security/B2G/Goals| Goals]]<br>
[[Security/B2G/Team_responsibilities|Team Responsibilities]]<br>
  |}
  |}


==Team Responsibilities==
== Useful Information ==
'''Getting assistance from the FxOS security team'''
* Need Firefox OS security review? Flag your bug with "sec‑review?" (needinfo if urgent)
* [http://www.mozilla.org/security/#For_Developers Report a FxOS security issue]


==== Security Assurance ====
''' Security reviews planning'''
''Ensure security throughout OS development lifecycle''
* [https://docs.google.com/spreadsheets/d/1vuw7_4I6o20I2n17_-3i43AmUE9TM88F2H7NBhryqwM/edit#gid=0 On-going and planned security reviews]
* Embedding/team support/security guidance
* Catching security oversights
* Identifying and promoting good security practices (consistency, patterns and practices)
* Closing the bug loop, pushing security bugs to resolution   


==== Security Improvement ====
'''FxOS Security Documentation'''  
''Drive security improvements to support evolving device and app requirements, and to bring us to parity with other mobile platforms''
* [https://developer.mozilla.org/en-US/Firefox_OS/Security FxOS Security Documentation]
* Update Firefox OS Application security model to address emerging APIs, use cases and threats
* [https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Security_model Firefox OS Security Model Overview]
* Coordinate between platform & B2G teams on security feature development
* [https://developer.mozilla.org/en-US/Apps/Build/App_permissions Web App Permissions]
* Contribute patches for minor security improvements
* [https://developer.mozilla.org/en-US/Apps/Security_guidelines Security guidelines for App developers and reviewers]
* Coordinating/encouraging community security contributions
* [https://developer.mozilla.org/en-US/docs/Apps/Marketplace_review_criteria App review criteria on MDN]
* Drive development of new security features (e.g. crypto support)


==== Ecosystem Security ====
'''Other Helpful Links'''
''Empower community to help secure Firefox OS''
* [[Marketplace/Reviewers/Apps/Guide/SecReviewTraining| Security training for App reviewers]]
* Improve effectiveness and scalability of Marketplace security review process
* [https://developer.mozilla.org/en-US/Firefox_OS/Security/Intercepting_traffic_using_a_proxy Intercepting traffic with a proxy on Firefox OS]
* Provide security guidance to developers & reviewers (e.g MDN documentation)
* [[Security/B2G/GaiaTesting| Getting starting testing Gaia and Web Apps (outdated)]]
* Development of tools for app developers & reviewers
* App security incident response (vulnerable or malicious apps)


==== Partner Security Program ====
== Getting involved ==
''Help and monitor partners to ensure our users are protected''
'''Guidelines'''
* Work with partners to ensure security of vendor modifications & co-ordinate security updates
* [[Security/B2G/Contribute| How to contribute]]
* Enforce security through partner certification program
* Security incident response, management, and partner fix coordination
 
== Useful Links ==
Wiki
* [[Gaia | Gaia wiki page]]
* [[B2G | Main B2g wiki page]]
* [https://wiki.mozilla.org/WebAPI Firefox OS Web API]
MDN
* [https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS MDN page]
* [https://developer.mozilla.org/en-US/docs/Apps Web Apps on MDN]
* [https://developer.mozilla.org/en-US/docs/Apps/Marketplace_review_criteria App review criteria on MDN]
Various
* [http://mounirlamouri.github.com/sysapps/proposals/RunTime-Security/Overview.html Draft specification: Runtime and Security Model for Web Applications]
* [https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0 Basecamp Permissions Model]
* [[Security/B2G/GaiaTesting| Getting starting testing Gaia and Web Apps]]


'''Getting in touch with us'''
* IRC channel #FxOSSec on irc.mozilla.org
* The [https://mail.mozilla.org/listinfo/ffos-secure ffos-secure@mozilla.org] public mailing list is a good place to start discussing about security in the Firefox OS ecosystem.
* The [https://guides.mozilla-community.org/c/security/firefox-os Guides forum] is here to help you find your way to make your first contributions.


== Meetings ==
== Meetings ==
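Review bot: two wording slips are carried into the new revision's added lines and could be fixed in the same edit. The "Other Helpful Links" label "Getting starting testing Gaia and Web Apps (outdated)" should read "Getting started testing ...", and in "Getting in touch with us" the phrase "a good place to start discussing about security" should drop "about". The "App review criteria on MDN" link now sits under "FxOS Security Documentation" after previously living under "Useful Links"; a short note in the edit summary that the old "Useful Links" section was folded into the new headings would make the move easier to follow.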
Line 68: Line 53:


'''FirefoxOS Security Weekly Meeting'''
'''FirefoxOS Security Weekly Meeting'''
* Time: Tuesdays 1330 PDT / 2130 CET / 0430 CST / 2130 UTC
* Time: Tuesdays 1300 PDT / 2100 CET / 0400 CST / 2000 UTC
* Notes during the meeting are captured on [https://etherpad.mozilla.org/firefoxossecteammtg this etherpad].
* Notes during the meeting are captured on [https://etherpad.mozilla.org/firefoxossecteammtg this etherpad].


== Subpages of {{FULLPAGENAME}}==
== Subpages of {{FULLPAGENAME}}==
{{Special:PrefixIndex/{{FULLPAGENAME}}/}}
{{Special:PrefixIndex/{{FULLPAGENAME}}/}}

Latest revision as of 09:49, 15 February 2016

Firefox OS Security Team

Summary

Lead: Paul Theriault (irc: pauljt)
Team Members: Frederik Braun (irc: freddyb), Julian Hector (irc: tedd), Christiane Ruetten (irc: cr), Stéphanie Ouillon (irc: arroway)
References: Goals, Team Responsibilities

Useful Information

Getting assistance from the FxOS security team

Security reviews planning

FxOS Security Documentation

Other Helpful Links

Getting involved

Guidelines

Getting in touch with us

  • IRC channel #FxOSSec on irc.mozilla.org
  • The ffos-secure@mozilla.org public mailing list is a good place to start discussing security in the Firefox OS ecosystem.
  • The Guides forum is here to help you find your way to make your first contributions.

Meetings

Connection Information

  • Dial-in:
    • +1 650 903 0800 x92 Conf 98500#
    • +1 416 848 3114 x92 Conf 98500#
    • +1 800 707 2533 (pin 369) Conf 98500# (toll free, Skype)
  • Vidyo: B2G Vidyo room

FirefoxOS Security Weekly Meeting

  • Time: Tuesdays 1300 PDT / 2100 CET / 0400 CST / 2000 UTC
  • Notes during the meeting are captured on this etherpad.

Subpages of Security/B2G