Security: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
(Page cleanup) |
||
| Line 36: | Line 36: | ||
* We'll create and link the corresponding wiki page within the [[Security/Radar|Security Radar]] | * We'll create and link the corresponding wiki page within the [[Security/Radar|Security Radar]] | ||
* [[Security/Reviews/Review Request Form | Security & Privacy Review Request Form]] | * [[Security/Reviews/Review Request Form | Security & Privacy Review Request Form]] | ||
===Security Feature Development=== | ===Security Feature Development=== | ||
We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the [[SecurityEngineering]] page for more info! | We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the [[SecurityEngineering]] page for more info! | ||
==== Mozilla Official Sites ==== | ==== Mozilla Official Sites ==== | ||
| Line 82: | Line 45: | ||
* [[CA|Mozilla CA Root Program]] | * [[CA|Mozilla CA Root Program]] | ||
* [http://blog.mozilla.com/security Mozilla Security blog] | * [http://blog.mozilla.com/security Mozilla Security blog] | ||
* [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines Secure Coding Guidelines for Webapps] | * [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines Secure Coding Guidelines for Webapps] | ||
| Line 103: | Line 65: | ||
* [https://twitter.com/mozwebsec Mozilla Web Security] | * [https://twitter.com/mozwebsec Mozilla Web Security] | ||
* [https://twitter.com/jruderman Jesse Ruderman] | * [https://twitter.com/jruderman Jesse Ruderman] | ||
* [https://twitter.com/dveditz Daniel Veditz] | * [https://twitter.com/dveditz Daniel Veditz] | ||
* [https://twitter.com/gh_rooster Raymond Forbes] | * [https://twitter.com/gh_rooster Raymond Forbes] | ||
* [https://twitter.com/openbuddha Al Billings] (but mostly Buddhist and Hackerspace tweets) | * [https://twitter.com/openbuddha Al Billings] (but mostly Buddhist and Hackerspace tweets) | ||
* [https://twitter.com/kangsterizer Guillaume Destuynder] | * [https://twitter.com/kangsterizer Guillaume Destuynder] | ||
* [https://twitter.com/nth10sd Gary Kwong] (all sorts of stuff) | * [https://twitter.com/nth10sd Gary Kwong] (all sorts of stuff) | ||
* [https://twitter.com/mozdeco Christian Holler (decoder)] | * [https://twitter.com/mozdeco Christian Holler (decoder)] | ||
| Line 125: | Line 85: | ||
* [https://twitter.com/alexanderfowler Alex Fowler] | * [https://twitter.com/alexanderfowler Alex Fowler] | ||
* [https://twitter.com/imelven Ian Melven] | * [https://twitter.com/imelven Ian Melven] | ||
* [https://twitter.com/ygjb Yvan Boily] | |||
* [https://twitter.com/jstevensen Joe Stevensen] | |||
==== OWASP Projects and chapters ==== | ==== OWASP Projects and chapters ==== | ||
The Mozilla Security team is heavily involved with [https://www.owasp.org/ OWASP]: | The Mozilla Security team is heavily involved with [https://www.owasp.org/ OWASP]: | ||
* [https://www.owasp.org/index.php/User:Mark_Goodwin Mark Goodwin] - [https://www.owasp.org/index.php/East_Midlands East Midlands] Chapter leader | * [https://www.owasp.org/index.php/User:Mark_Goodwin Mark Goodwin] - [https://www.owasp.org/index.php/East_Midlands East Midlands] Chapter leader | ||
* Raymond Forbes - [https://www.owasp.org/index.php/Seattle Seattle] Chapter leader | * Raymond Forbes - [https://www.owasp.org/index.php/Seattle Seattle] Chapter leader | ||
* [https://www.owasp.org/index.php/User:Simon_Bennetts Simon Bennetts] - [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP] and [https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project VWAD] Project leader and [https://www.owasp.org/index.php/Manchester Manchester] Chapter leader | * [https://www.owasp.org/index.php/User:Simon_Bennetts Simon Bennetts] - [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP] and [https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project VWAD] Project leader and [https://www.owasp.org/index.php/Manchester Manchester] Chapter leader | ||
==== Non-Mozilla Resources (blogs, news sites, twitter, tools) ==== | ==== Non-Mozilla Resources (blogs, news sites, twitter, tools) ==== | ||
* [[Security/OtherSecurityResources| Other Security Resources]] | * [[Security/OtherSecurityResources| Other Security Resources]] | ||
Revision as of 19:32, 23 April 2016
“Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.” - Mozilla Manifesto Principle 4
The Mozilla Security community provides leadership in security by building security features, testing software and systems, and leading industry standards to ensure that individuals retain the ability to make meaningful choices about security and privacy on the Internet.
This page documents the security-related activities where Mozilla active, and how to join us.
- Security Severity Ratings
- How to report a security issue
- Want to fix a security bug? Here is a list of old thorny bugs you can take on.
Engaging with Security
How To Find Us
Lots of options, we're here to help:
- Security@mozilla.org - email us any questions, concerns, etc. Please submit bugs through [1], not email.
- #security on IRC
- File a security/privacy review request via this link
- Attend a Security Talk given by one of the security team
Security reviews for new features/products/applications
Main Article: Security/Reviews
- Find past reviews by Category:SecReview
The Mozilla Secure Development Lifecycle
- Understand the Secure Development Lifecycle used to secure our new features/products/applications
- Information on Bugzilla and the Security Assurance Component
Security Bug Processes
Request a Security or Privacy Review
- Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
- We'll create and link the corresponding wiki page within the Security Radar
- Security & Privacy Review Request Form
Security Feature Development
We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the SecurityEngineering page for more info!
Mozilla Official Sites
- Mozilla Security Center
- Mozilla security developer docs
- Mozilla CA Root Program
- Mozilla Security blog
- Secure Coding Guidelines for Webapps
Personal Security Related Blogs of Mozillians
- Lucas Adamski's blog
- Sid Stamm's blog
- Curtis Koenig's blog
- Jesse Ruderman's blog (fuzzing entries, security entries)
- Ian Melven's Mozilla/Security blog
- Christian Holler's blog (decoder)
- Guillaume Destuynder's blog (kang)
- Julien Vehent's blog (ulfr)
- Michal Purzynski's blog (michal`)
- Adam Muntner's blog (adamm)
- Jonathan Claudius' blog (claudijd)
Twitter Accounts of Security Mozillians
- Mozilla Security
- Mozilla Web Security
- Jesse Ruderman
- Daniel Veditz
- Raymond Forbes
- Al Billings (but mostly Buddhist and Hackerspace tweets)
- Guillaume Destuynder
- Gary Kwong (all sorts of stuff)
- Christian Holler (decoder)
- Tanvi Vyas
- Simon Bennetts (psiinon)
- Jeff Bryner (jeff)
- Julien Vehent (ulfr)
- Gene Wood (gene)
- Michal Purzynski (michal`)
- Adam Muntner (adamm)
- Jonathan Claudius (claudijd)
Former members, still Mozillians
OWASP Projects and chapters
The Mozilla Security team is heavily involved with OWASP:
- Mark Goodwin - East Midlands Chapter leader
- Raymond Forbes - Seattle Chapter leader
- Simon Bennetts - ZAP and VWAD Project leader and Manchester Chapter leader