Security/Testing: Difference between revisions

← Older edit

Security/Testing (view source)

Revision as of 03:41, 23 April 2019

479 bytes added , 23 April 2019

→‎How can we help you?

Ptheriault

canmove, Confirmed users

1,220

edits

@@ Line 1: / Line 1: @@
 = Firefox Security Testing Team =
-Security Testing, Auditing and Monitoring to keep Firefox secure
+Securing Firefox through Security Testing, Auditing and Monitoring
-== Contact ==
+== What do we do? ==
-Email us at security-testing@mozilla.com.
+* security testing new of features in Firefox desktop and mobile
+* security testing as part of [[Security/Reviews|security review]] process
+* target security code auditing (e.g. auditing of new libraries to be included in Firefox)
+* hunt and eradicate security bug classes in the Firefox codebase
-To report a security issue on a given site, use the client bug bounty form [https://bugzilla.mozilla.org/form.client.bounty here].
+== What are we working on right now ?==
+See our [https://trello.com/b/ha57ZGpV/firefox-security-testing Trello board].
-= Activities =
+== How can we help you? ==
+Contact us at [mailto:security-testing@mozilla.com security-testing@mozilla.com].
+To report a security issue in Firefox desktop or mobile, use the client bug bounty form [https://bugzilla.mozilla.org/form.client.bounty here].
+= What do we do? =
 ==Release Security Testing==
 Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by:
 * Residual risk highlighted by Engineering Security Review process
 * Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review)
-Queue: https://mzl.la/2CVfuCn
-<bugzilla>
+== Vulnerability management and measurement ==
-    {
+Security Activities in in the post-release phase - monitoring of incoming security bugs, measuring features on the web, and security maintenance activities like monitoring for security issues in dependencies.
-        "product": "Firefox",
-        "component": "Security: Review Requests",
-        "whiteboard": "testing",
-        "include_fields": ["id", "summary", "whiteboard", "status", "resolution"]
-    }
+==Security Auditing Projects==
-</bugzilla>
+Target security testing projects not tied to a specific Firefox release:
+* Testing of large browser features that span multiple releases (e.g. Web Payments)
-https://bugzilla.mozilla.org/rest/bug?include_fields=id,summary,status&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&columnlist=product%2Ccomponent%2Cassigned_to%2Cbug_status%2Cresolution%2Cshort_desc%2Cchangeddate%2Cstatus_whiteboard%2Ctarget_milestone%2Ccf_last_resolved&component=Security%3A%20Review%20Requests&product=Firefox&status_whiteboard=testing&status_whiteboard_type=allwordssubstr
+* Testing of Firefox security components (e.g. Sandbox testing)
+* Testing of areas of known weakness (e.g. components receiving frequent security issues through manual auditing, static analysis, instrumentation etc)