Security/Champions: Difference between revisions

← Older edit

Security/Champions (view source)

Revision as of 22:16, 12 November 2013

1,016 bytes added , 12 November 2013

→‎List of Security Champions

Curtisk

canmove, Confirmed users, Bureaucrats and Sysops emeriti

2,776

edits

@@ Line 1: / Line 1: @@
 == Security Champions ==
+* Security Champions are active members of a team that make help to make decisions about when to engage the Security Team
+* Act as the "voice" of security for the given product or team
+* Assist in the triage of security bugs for their team or area
-=== Engagement Program ===
+=== Presentations about Security Champions ===
-Path For Growth
+*[https://people.mozilla.org/~ckoenig/Presentations/SecChamps2013.html Mozilla Summit 2013 Update]
-=== Contributor ===
+*[https://people.mozilla.org/~ckoenig/Presentations/security-champions.html Original Announcement]
-* Regular contributor with an interest in security
-* Participates in security review activities appropriate with skill level
-* participates in public security discussions and IRC channel (#security)
-=== Security Contributor (Bug Bounty Reporters/Patch submitters) ===
-* All activities associated with a contributor
-* Contributes security documentation and/or other related content [1]
-* Files security bugs (may or may not be pursuing bounties)
-* Submits patches for or reviews patches security bugs
-* Access to non-self security-sensitive bugs on an as needed basis
-=== Security Champion ===
-* Security Champions are active members of a team that make help to make decisions about when to engage others from the Security Team
-* Recognized as an expert on a product with security knowledge and expertise
-* Typically embedded within a team, providing guidance and expertise for that team
-* Act as the "voice" of security for the given product
-* Has access to security bugs for the given product
-=== Security Mentors ===
-* Security Champions for Domains - an expert on a certain domain of security such as cryptography, javascript, memory models, fuzzing, etc
-* willing to mentor those that have questions or need guidance in a more general way
-=== Security Group ===
-** Governed by "Mozilla Security Group Membership Policy" https://www.mozilla.org/projects/security/membership-policy.html
-** Member of security group; has visibility into security bugs, and responsibilities to help address those concerns
-** Should be able to speak with authority and drive action within the Mozilla Community to address areas of security concern and act as an escalation path for Security Champions and Security Mentors
-** May also act as Security Contributor, Security Champion or Security Mentor depending on individual impetus
-[1] Related content may include but is not limited to: Brown Bags, Conference Talks, MDN documentation, Security Review Documentation, Foundational Security Documents (Flow Diagrams, Threat Models, etc), Security Tool contributions, Vulnerability Defence Documentation
-=== Responsibilities ===
+=== Expectations ===
+* Participate in the security champions mailing list &
+* Attend one of 2 monthly meetings
+** Either the 2nd (AM PST) or 4th (PM PST) Tuesday of the month
+* Assist in making security decisions for their team
+** Low-Moderate security impact
+*** Empowered to make decisions
+*** Document decisions made in bugs or wiki
+** High-Critical security impact
+** Engage SA team for current review process
+** Can always engage using sec-review ? flag on any bug
-== Security Champions ==
+=== List of Security Champions ===
 {| class="wikitable"
@@ Line 42: / Line 29: @@
 |-
 |Labs/Foundation||Atul Varma || Mark Goodwin
-|-
-|Labs/Identity||Brian Warner||
 |-
 |Marketplace||Andrew McKay ||
 |-
-|WebDev|| James Socol ||
+|WebDev|| Will Kahn-Greene || Frederik Braun
 |-
 |Front End|| Jared Wein ||
@@ Line 58: / Line 43: @@
 |-
 |Persona||François Marier ||
+|-
+|PiCl||Brian Warner||
+|-
+|Metro Firefox|| Brian Bondy ||
+|-
+|Metro Firefox|| Tim Abraldes||
+|-
+|Metro Firefox|| Matt Brubeck||
+|-
+|Mobile||Jim Chen || Mark Goodwin
+|-
+|Automation||Jonathan Griffin || Gary Kwong
+|-
+|Automation||Dave Lawrence||Gary Kwong
 |-
 |}
+=== How to Become a Security Champion ===
+# Review the information above to ensure you understand it
+# Discuss with your team/area to so they know you intend to take on this role
+# send email to curtisk with your name and area you wish to be a champion for
+=Other Types of Security Contributors=
+=== Contributor ===
+* Regular contributor with an interest in security
+* Participates in security review activities appropriate with skill level
+* participates in public security discussions and IRC channel (#security)
+=== Security Contributor (Bug Bounty Reporters/Patch submitters) ===
+* All activities associated with a contributor
+* Contributes security documentation and/or other related content [1]
+* Files security bugs (may or may not be pursuing bounties)
+* Submits patches for or reviews patches security bugs
+* Access to non-self security-sensitive bugs on an as needed basis
+=== Security Mentors ===
+* Security Champions for Domains - an expert on a certain domain of security such as cryptography, javascript, memory models, fuzzing, etc
+* willing to mentor those that have questions or need guidance in a more general way
+=== Security Group ===
+** Governed by "Mozilla Security Group Membership Policy" https://www.mozilla.org/projects/security/membership-policy.html
+** Member of security group; has visibility into security bugs, and responsibilities to help address those concerns
+** Should be able to speak with authority and drive action within the Mozilla Community to address areas of security concern and act as an escalation path for Security Champions and Security Mentors
+** May also act as Security Contributor, Security Champion or Security Mentor depending on individual impetus
+[1] Related content may include but is not limited to: Brown Bags, Conference Talks, MDN documentation, Security Review Documentation, Foundational Security Documents (Flow Diagrams, Threat Models, etc), Security Tool contributions, Vulnerability Defence Documentation