Confirmed users
491
edits
Security/Reviews/Secure Development Lifecycle: Difference between revisions
Security/Reviews/Secure Development Lifecycle (view source)
Revision as of 17:25, 3 May 2012
, 3 May 2012→Mozilla Development Lifecycle Overview
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
= Objective = | = Objective = | ||
* Quickly bring products and | * Quickly bring products, applications, and features to market with integrated and verified controls that mitigate security and privacy risks to an understood and acceptable level | ||
* Capture the overall review lifecycle that ensures Mozilla applications, services and supporting infrastructure are appropriately supported in the areas of : | * Capture the overall review lifecycle that ensures Mozilla applications, services and supporting infrastructure are appropriately supported in the areas of : | ||
** Security | ** Security | ||
** Privacy | ** Privacy | ||
= Mozilla Development Lifecycle Overview= | = Mozilla Development Lifecycle Overview= | ||
The mozilla development lifecycle is fluid and informal. In the early stages projects often flow between Prototype and Design & Development stages frequently. | The mozilla development lifecycle is fluid and informal. In the early stages projects often flow between Prototype and Design & Development stages frequently. | ||
[[image:SecureDevelopmentLifecycle.png|600px|Image: 600 pixels]] | |||
== Phases of Development Lifecycle == | == Phases of Development Lifecycle == | ||
| Line 23: | Line 22: | ||
** Web Applications - Production Server | ** Web Applications - Production Server | ||
= Mozilla Secure Development = | = Mozilla Secure Development = | ||
Note: This process is flexible and adjusts to meet the demands of the particular project. Our goal is to responsibly get code to market and work together to identify any risks that we should be aware of. | Note: This process is flexible and adjusts to meet the demands of the particular project. Our goal is to responsibly get code to market and work together to identify any risks that we should be aware of. | ||
| Line 68: | Line 66: | ||
* '''Objective:''' Verify if planned security and privacy controls have been correctly implemented and also identify any other security or privacy risks inadvertently introduced during development | * '''Objective:''' Verify if planned security and privacy controls have been correctly implemented and also identify any other security or privacy risks inadvertently introduced during development | ||
* '''Audience:''' Security Assurance, Developers, & Mozilla Security Community | * '''Audience:''' Security Assurance, Developers, & Mozilla Security Community | ||
* '''Process to Engage:''' | * '''Process to Engage:''' If a Security Review Request has already been filed then just comment in the bug that we're reading for verification. If a [https://wiki.mozilla.org/Security/Reviews/Review_Request_Form#Security_Assurance_Security_Review_Request request] hasn't been filed, then please file one as soon as possible | ||
* '''Inputs:''' Running code | * '''Inputs:''' Running code | ||
* '''Outputs:''' Bugs for any identified security or privacy weaknesses | * '''Outputs:''' Bugs for any identified security or privacy weaknesses | ||