Confirmed users
908
edits
SecurityEngineering: Difference between revisions
→Experimental Things: containers are no longer experimental
Ptheriault (talk | contribs) |
(→Experimental Things: containers are no longer experimental) |
||
| (20 intermediate revisions by 6 users not shown) | |||
| Line 7: | Line 7: | ||
==Who is involved== | ==Who is involved== | ||
Security Engineering is led by | Security Engineering is led by Wennie Leung. Work is divided between these main teams: | ||
* | * Privacy and Security Engineering: website & browser security features ([[Security/Contextual_Identity_Project/Containers|Containers]], [[CloudServices/Password_Manager|Password Manager]], etc.), DOM security ([[Security/CSP|CSP]], [[Security/Subresource_Integrity|SRI]], Cookies, [[Security/Features/Mixed_Content_Blocker|Mixed Content Blocking]], origin, etc), Content Blocking ([[Security/Safe Browsing|Safe Browsing]], [[Security/Application_Reputation|Download Protection]] and [[Security/Tracking_protection|Tracking Protection]]), [[Security/Features/Revamp_Security_Hooks|revamp of security hooks]], [[Security/Tor_Uplift/Tracking|Tor Uplift]] and [[Security/Sandbox/Hardening|Sandbox Hardening]]. | ||
* Communications security: TLS stack, communications security, | * [[Security/CryptoEngineering|Communications security]] (Lead:[https://mozillians.org/en-US/u/jcjones/ JC Jones]): TLS stack, communications security, WebCrypto, [[PSM:Topics|PSM]], [[NSS]], [[SecurityEngineering/TLS_Error_Reports|Error Reporting]] and OneCRL | ||
* Defensive Security Engineering (Lead: Tom Ritter): implementing changes to Firefox that improve our security posture. | |||
* [[CA:Overview|Mozilla's CA Certificate Program]] (Program Manager: [https://mozillians.org/en-US/u/kwilson/ Kathleen Wilson]) | |||
To connect with us directly, you can our contact details on [https://mozillians.org/en-US/group/securityengineeringstaff/ Mozillians]. | |||
==How We Work== | ==How We Work== | ||
| Line 32: | Line 36: | ||
For details of our projects in these four areas, see the [[Security/Roadmap|security roadmap]]. | For details of our projects in these four areas, see the [[Security/Roadmap|security roadmap]]. | ||
==How to participate== | ==How to participate== | ||
| Line 87: | Line 41: | ||
'''Follow our work:''' To see our current progress against features please see the [https://blog.mozilla.org/security/ Mozilla Security Blog]. | '''Follow our work:''' To see our current progress against features please see the [https://blog.mozilla.org/security/ Mozilla Security Blog]. | ||
'''Contribute:''' Wanna pitch in, maybe do a project? Check out the [https://bugzil.la/sw:%5Bgood%20first%20bug%5D%20security good first bugs list] and if one interests you, contact us! | '''Contribute:''' Wanna pitch in, maybe do a project? Check out the [https://bugzil.la/sw:%5Bgood%20first%20bug%5D%20security good first bugs list] and if one interests you, contact us! | ||
| Line 98: | Line 48: | ||
We have a few feature proposals for things we might want to add to Firefox but that aren't currently scheduled: | We have a few feature proposals for things we might want to add to Firefox but that aren't currently scheduled: | ||
* [[Security/Foreign_Certificate_Warning|Foreign Certificate Warning]] | * [[Security/Foreign_Certificate_Warning|Foreign Certificate Warning]] | ||
* [[CloudServices/Password_Manager/Master_Password|Master Password]] in the Password Manager | * [[CloudServices/Password_Manager/Master_Password|Master Password]] in the Password Manager | ||
* [[Security/Automatic_Private_Browsing_Upgrades|Automatic Private Browsing Upgrades]] | * [[Security/Automatic_Private_Browsing_Upgrades|Automatic Private Browsing Upgrades]] | ||
==Security Bugs== | ==Security Bugs== | ||
If you've found a security bug please see http://www.mozilla.org/security/#For_Developers | If you've found a security bug please see http://www.mozilla.org/security/#For_Developers | ||