Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) No edit summary |
Line 1: | Line 1: | ||
= Firefox Security Testing Team = | = Firefox Security Testing Team = | ||
Security Testing, Auditing and Monitoring to | Securing Firefox through Security Testing, Auditing and Monitoring | ||
Email us at security-testing@mozilla.com. | |||
What are we working on? See our Trello board. | |||
We can help you if you need: | |||
- security testing of a feature you have built (or are close to building) | |||
- in-depth security auditing | |||
== Contact == | == Contact == | ||
= | |||
To report a security issue in Firefox desktop or mobile, use the client bug bounty form [https://bugzilla.mozilla.org/form.client.bounty here]. | |||
= What do we do? = | |||
==Release Security Testing== | ==Release Security Testing== | ||
Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by: | Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by: | ||
* Residual risk highlighted by Engineering Security Review process | * Residual risk highlighted by Engineering Security Review process | ||
* Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review) | * Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review) | ||
== Vulnerability management and measurement == | == Vulnerability management and measurement == | ||
Line 21: | Line 30: | ||
* Testing of large browser features that span multiple releases (e.g. Web Payments) | * Testing of large browser features that span multiple releases (e.g. Web Payments) | ||
* Testing of Firefox security components (e.g. Sandbox testing) | * Testing of Firefox security components (e.g. Sandbox testing) | ||
* Testing of areas of known weakness (e.g. components receiving frequent security issues | * Testing of areas of known weakness (e.g. components receiving frequent security issues through manual auditing, static analysis, instrumentation etc) | ||