SecurityEngineering: Difference between revisions

← Older edit

SecurityEngineering (view source)

Revision as of 21:54, 21 February 2018

1,737 bytes removed , 21 February 2018

→‎Experimental Things: containers are no longer experimental

Fmarier

Confirmed users

908

edits

@@ Line 7: / Line 7: @@
 ==Who is involved==
-Security Engineering is led by [https://mozillians.org/en-US/u/rbarnes/ Richard Barnes] and [https://mozillians.org/en-US/u/sdeckelmann/ Selena Deckelmann]. Work is divided between these main teams:
+Security Engineering is led by Wennie Leung. Work is divided between these main teams:
-* Content Security Team (Lead: [https://mozillians.org/en-US/u/pauljt/ Paul Theriault]): website & browser security features, DOM security (CSP, SRI, Cookies, origin etc), Content Blocking (safe browsing, download protection) and sandboxing.
+* Privacy and Security Engineering: website & browser security features ([[Security/Contextual_Identity_Project/Containers|Containers]], [[CloudServices/Password_Manager|Password Manager]], etc.), DOM security ([[Security/CSP|CSP]], [[Security/Subresource_Integrity|SRI]], Cookies, [[Security/Features/Mixed_Content_Blocker|Mixed Content Blocking]], origin, etc), Content Blocking ([[Security/Safe Browsing|Safe Browsing]], [[Security/Application_Reputation|Download Protection]] and [[Security/Tracking_protection|Tracking Protection]]), [[Security/Features/Revamp_Security_Hooks|revamp of security hooks]], [[Security/Tor_Uplift/Tracking|Tor Uplift]] and [[Security/Sandbox/Hardening|Sandbox Hardening]].
-* [[Security/CryptoEngineering|Communications security]] (Lead:[https://mozillians.org/en-US/u/jcjones/ JC Jones]): TLS stack, communications security, WebCrypto, [[PSM:Topics|PSM]], [[NSS]]
+* [[Security/CryptoEngineering|Communications security]] (Lead:[https://mozillians.org/en-US/u/jcjones/ JC Jones]): TLS stack, communications security, WebCrypto, [[PSM:Topics|PSM]], [[NSS]], [[SecurityEngineering/TLS_Error_Reports|Error Reporting]] and OneCRL
-* Fuzzing (Lead:[https://mozillians.org/en-US/u/abillings/ Al Billings])
+* Defensive Security Engineering (Lead: Tom Ritter): implementing changes to Firefox that improve our security posture.
+* [[CA:Overview|Mozilla's CA Certificate Program]] (Program Manager: [https://mozillians.org/en-US/u/kwilson/ Kathleen Wilson])
 To connect with us directly, you can our contact details on [https://mozillians.org/en-US/group/securityengineeringstaff/ Mozillians].
@@ Line 35: / Line 36: @@
 For details of our projects in these four areas, see the [[Security/Roadmap|security roadmap]].
-==Current Efforts==
-'''Content Security'''
-{|class="wikitable"
-! Topic
-! Engineering Contact
-! QA Contact
-|-
-| [[Security/Application_Reputation|Application Reputation]]
-| [[User:Fmarier|Francois Marier]]
-|
-|-
-|-
-| [[Security/Contextual_Identity_Project/Containers|Containers]]
-| Tanvi Vyas
-| Kamil Jozwiak
-|-
-| [[Security/CSP|Content Security Policy]]
-| Christoph Kerschbaumer
-|
-|-
-| Meta Referrer
-|
-|
-|-
-| [[Security/Features/Mixed_Content_Blocker|Mixed Content Blocking]]
-| Tanvi Vyas
-|
-|-
-| [[CloudServices/Password_Manager|Password Manager]]
-| Tanvi Vyas
-| Kamil Jozwiak / SoftVision
-|-
-| [[Security/Features/Revamp_Security_Hooks|Revamp of Security Hooks]]
-| Christoph Kerschbaumer
-|
-|-
-| [[Security/Safe Browsing|Safe Browsing]]
-| [[User:Fmarier|Francois Marier]]
-|
-|-
-| [[Security/Subresource_Integrity|Sub-resource Integrity]]
-| [[User:Fmarier|Francois Marier]]
-|
-|-
-| [[Security/Tor_Uplift/Tracking|Tor Uplift]]
-| Ethan Tseng / Tom Ritter
-| Cynthia Tang / Kamil Jozwiak
-|-
-| [[Security/Tracking_protection|Tracking Protection]]
-| [[User:Fmarier|Francois Marier]]
-|
-|-
-| [[Security/Sandbox/Hardening|Sandbox Hardening]]
-| [[User:Ptheriault|Paul Theriault]]
-|
-|}
-'''Communications Security'''
-{|class="wikitable"
-! Topic
-! Engineering Contact
-! QA Contact
-|-
-| Add-on signing
-| Daniel Veditz
-|
-|-
-| [[CA:Overview|CA Program]]
-| Kathleen Wilson
-|
-|-
-| [[Security/TLS_Error_Reporting|Error Reporting]]
-| Mark Goodwin
-| Matt Wobensmith
-|-
-| [[Security/OneCRL|OneCRL]]
-| Mark Goodwin
-| Matt Wobensmith
-|}
 ==How to participate==
@@ Line 123: / Line 41: @@
 '''Follow our work:''' To see our current progress against features please see the [https://blog.mozilla.org/security/ Mozilla Security Blog].
-'''Do some reviews:'''
-* [https://bugzilla.mozilla.org/buglist.cgi?cmdtype=dorem&remaction=run&namedcmd=seceng%20waiting%20for%20reviews&sharer_id=339203&list_id=7536157 Add "seceng waiting for reviews" to your Bugzilla preferences]
-* See our [[SecurityEngineering/CodeReviewGuidelines]]
 '''Contribute:''' Wanna pitch in, maybe do a project?  Check out the [https://bugzil.la/sw:%5Bgood%20first%20bug%5D%20security good first bugs list] and if one interests you, contact us!
@@ Line 134: / Line 48: @@
 We have a few feature proposals for things we might want to add to Firefox but that aren't currently scheduled:
-* [[Security/Contextual_Identity_Project|Contextual Identity]]
 * [[Security/Foreign_Certificate_Warning|Foreign Certificate Warning]]
 * [[CloudServices/Password_Manager/Master_Password|Master Password]] in the Password Manager
-* [[Security/Contextual_Identity_Project/Private_Session|private sessions]] and [[Security/Contextual_Identity_Project/User_Profiles|user profiles]]
 * [[Security/Automatic_Private_Browsing_Upgrades|Automatic Private Browsing Upgrades]]
-From time to time we make add-ons to try out experimental features.  Here are a few; let us know what you think!
-* [https://addons.mozilla.org/en-us/firefox/addon/force-tls/ Force-TLS] ([https://code.google.com/p/force-tls/ get the code])
-* [https://addons.mozilla.org/en-US/firefox/addon/newusercspdesign/ User CSP]
 ==Security Bugs==
 If you've found a security bug please see http://www.mozilla.org/security/#For_Developers