canmove, Confirmed users
1,220
edits
Security/Testing: Difference between revisions
→How can we help you?
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= Firefox Security Testing Team = | = Firefox Security Testing Team = | ||
Security Testing, Auditing and Monitoring | Securing Firefox through Security Testing, Auditing and Monitoring | ||
== | == What do we do? == | ||
* security testing new of features in Firefox desktop and mobile | |||
* security testing as part of [[Security/Reviews|security review]] process | |||
* target security code auditing (e.g. auditing of new libraries to be included in Firefox) | |||
* hunt and eradicate security bug classes in the Firefox codebase | |||
== What are we working on right now ?== | |||
See our [https://trello.com/b/ha57ZGpV/firefox-security-testing Trello board]. | |||
= | == How can we help you? == | ||
Contact us at [mailto:security-testing@mozilla.com security-testing@mozilla.com]. | |||
To report a security issue in Firefox desktop or mobile, use the client bug bounty form [https://bugzilla.mozilla.org/form.client.bounty here]. | |||
= What do we do? = | |||
==Release Security Testing== | ==Release Security Testing== | ||
Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by: | Security testing of features to mitigate implementation risk and catch common security flaws. Testing will be targeted on features identified by: | ||
* Residual risk highlighted by Engineering Security Review process | * Residual risk highlighted by Engineering Security Review process | ||
* Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review) | * Triage upcoming desktop & mobile features to identify “risky” features/changes that warrant security testing (catch-all for features which missed security review) | ||
== Vulnerability management and measurement == | == Vulnerability management and measurement == | ||
| Line 31: | Line 29: | ||
* Testing of large browser features that span multiple releases (e.g. Web Payments) | * Testing of large browser features that span multiple releases (e.g. Web Payments) | ||
* Testing of Firefox security components (e.g. Sandbox testing) | * Testing of Firefox security components (e.g. Sandbox testing) | ||
* Testing of areas of known weakness (e.g. components receiving frequent security issues | * Testing of areas of known weakness (e.g. components receiving frequent security issues through manual auditing, static analysis, instrumentation etc) | ||