Security: Difference between revisions
Jump to navigation
Jump to search
Ptheriault (talk | contribs) (Clean up of the security landing page.) |
(Update link to Guidelines) |
||
| (16 intermediate revisions by 8 users not shown) | |||
| Line 1: | Line 1: | ||
“Individuals’ security and privacy on the Internet are | “Individuals’ security and privacy on the Internet are | ||
fundamental and must not be treated as optional.” | fundamental and must not be treated as optional.” | ||
- [http://www.mozilla.org/en-US/about/manifesto/ Mozilla Manifesto Principle 4] | - [http://www.mozilla.org/en-US/about/manifesto/ Mozilla Manifesto Principle 4] | ||
| Line 5: | Line 5: | ||
'''The Mozilla Security community provides leadership in security by building security features, testing software and systems, and leading industry standards to ensure that individuals retain the ability to make meaningful choices about security and privacy on the Internet. ''' | '''The Mozilla Security community provides leadership in security by building security features, testing software and systems, and leading industry standards to ensure that individuals retain the ability to make meaningful choices about security and privacy on the Internet. ''' | ||
This page documents the security-related activities | This page documents the security-related activities for Mozilla and how to join us. | ||
__TOC__ | __TOC__ | ||
== Reporting Security Issues == | == Reporting Security Issues == | ||
Mozilla relies on the security community to help secure our products and websites by reporting security issues. Our preference is to receive bug reports via our bug tracking system Bugzilla, however [https://www.mozilla.org/security/#For_Developers emailing security@mozilla.org ] (preferably encrypted) is also an option. | Mozilla relies on the security community to help secure our products and websites by reporting security issues. Our preference is to receive '''[[Security/Fileabug|bug reports]]''' via our bug tracking system Bugzilla, however [https://www.mozilla.org/security/#For_Developers emailing security@mozilla.org ] (preferably encrypted) is also an option. | ||
Details on the way we classify security bugs can be [[Security Severity Ratings|found here]]. | Details on the way we classify security bugs can be [[Security Severity Ratings|found here]]. | ||
== Security at Mozilla == | == Security at Mozilla == | ||
=== Who are we? === | === Who are we? === | ||
Security at Mozilla is distributed among the following teams: | Security at Mozilla is distributed among the following teams: | ||
* [[SecurityEngineering|Security Engineering]] | * [[SecurityEngineering|Security Engineering]] makes users of Firefox safer on the Internet. | ||
* [[Security/ | * [[Security/FoxSec|Security Operations]] protects the product infrastructure and builds security services. | ||
* [[Security/ | * Firefox Fuzzing finds vulnerabilities in Firefox. | ||
* [[Security/InfoSec|Security Assurance]] leads incident response, product security strategy, and risk management. | |||
=== Contacting Us === | === Contacting Us === | ||
| Line 27: | Line 28: | ||
** dev-security@lists.mozilla.org: this is the best place to ask security questions that don't need to be private. You might also try searching this list for answers to your questions | ** dev-security@lists.mozilla.org: this is the best place to ask security questions that don't need to be private. You might also try searching this list for answers to your questions | ||
** You can also find us on a number of security related mailing lists including W3C WebAppSec | ** You can also find us on a number of security related mailing lists including W3C WebAppSec | ||
* Via | * Via the [https://matrix.to/#/!xSFwJMLGSLXLaSUrHr:mozilla.org?via=mozilla.org&via=matrix.org #security] channel on Mozilla's [[Matrix]] instance. | ||
'''Need a security review for Firefox feature/change? See [[Security/Testing]].''' | |||
== Information for developers == | == Information for developers == | ||
===Security Bug Processes === | ===Security Bug Processes === | ||
* [[Security/Firefox_security_bug_fixing|Guidelines for fixing a core-security bug in Firefox]] | |||
* [[Security/Bug_Approval_Process|Approval for Landing Security Bugs]] | * [[Security/Bug_Approval_Process|Approval for Landing Security Bugs]] | ||
* [[Security/Web_Bug_Rotation|Web Bug Verification Rotation]] | * [[Security/Web_Bug_Rotation|Web Bug Verification Rotation]] | ||
* [[Security/Firefox/Security_Bug_Triage_Process|Security Bug Triage Process]] | |||
* [[Security/Firefox/Security_Bug_Life_Cycle|Security Bug Life Cycle]] | |||
* | |||
* [[Security/ | |||
== Contributing to the security of Mozilla products == | == Contributing to the security of Mozilla products == | ||
| Line 57: | Line 51: | ||
* Test Firefox or Mozilla Websites as part of our bug bounty programs | * Test Firefox or Mozilla Websites as part of our bug bounty programs | ||
=== Community === | === Community === | ||
* Test & provide feedback on new security features | * Test & provide feedback on new security features | ||
* Improve security documentation | * Improve security documentation | ||
| Line 66: | Line 60: | ||
* [[CA|Mozilla CA Root Program]] | * [[CA|Mozilla CA Root Program]] | ||
* [http://blog.mozilla.com/security Mozilla Security blog] | * [http://blog.mozilla.com/security Mozilla Security blog] | ||
* [ | * [https://infosec.mozilla.org/guidelines/ Security/Guidelines/] | ||
Latest revision as of 23:03, 12 March 2021
“Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.” - Mozilla Manifesto Principle 4
The Mozilla Security community provides leadership in security by building security features, testing software and systems, and leading industry standards to ensure that individuals retain the ability to make meaningful choices about security and privacy on the Internet.
This page documents the security-related activities for Mozilla and how to join us.
Reporting Security Issues
Mozilla relies on the security community to help secure our products and websites by reporting security issues. Our preference is to receive bug reports via our bug tracking system Bugzilla, however emailing security@mozilla.org (preferably encrypted) is also an option.
Details on the way we classify security bugs can be found here.
Security at Mozilla
Who are we?
Security at Mozilla is distributed among the following teams:
- Security Engineering makes users of Firefox safer on the Internet.
- Security Operations protects the product infrastructure and builds security services.
- Firefox Fuzzing finds vulnerabilities in Firefox.
- Security Assurance leads incident response, product security strategy, and risk management.
Contacting Us
The Mozilla security team is available via a number of channels:
- Via email
- security@mozilla.org: to contact us privately or reporting security bugs
- dev-security@lists.mozilla.org: this is the best place to ask security questions that don't need to be private. You might also try searching this list for answers to your questions
- You can also find us on a number of security related mailing lists including W3C WebAppSec
- Via the #security channel on Mozilla's Matrix instance.
Need a security review for Firefox feature/change? See Security/Testing.
Information for developers
Security Bug Processes
- Guidelines for fixing a core-security bug in Firefox
- Approval for Landing Security Bugs
- Web Bug Verification Rotation
- Security Bug Triage Process
- Security Bug Life Cycle
Contributing to the security of Mozilla products
There are a range of ways to contribute to security engineering at Mozilla.
Developers
- Implement security features
- Fix outstanding security bugs
- Contribute to security feature development
Security Testers
- Test Firefox or Mozilla Websites as part of our bug bounty programs
Community
- Test & provide feedback on new security features
- Improve security documentation