Security: Difference between revisions
Line 109: | Line 109: | ||
==== OWASP Projects and chapters ==== | ==== OWASP Projects and chapters ==== | ||
The Mozilla Security team is heavily involved with [https://www.owasp.org/ OWASP]: | The Mozilla Security team is heavily involved with [https://www.owasp.org/ OWASP]: | ||
* [https://www.owasp.org/index.php/User:Curtis_Koenig Curtis Koenig] - [https://www.owasp.org/index.php/Louisville Louisville] Chapter leader | * [https://www.owasp.org/index.php/User:Curtis_Koenig Curtis Koenig] - [https://www.owasp.org/index.php/Louisville Louisville] Chapter leader | ||
* [https://www.owasp.org/index.php/User:Mark_Goodwin Mark Goodwin] - [https://www.owasp.org/index.php/East_Midlands East Midlands] Chapter leader | * [https://www.owasp.org/index.php/User:Mark_Goodwin Mark Goodwin] - [https://www.owasp.org/index.php/East_Midlands East Midlands] Chapter leader | ||
* Raymond Forbes - [https://www.owasp.org/index.php/Seattle Seattle] Chapter leader | * Raymond Forbes - [https://www.owasp.org/index.php/Seattle Seattle] Chapter leader | ||
* [https://www.owasp.org/index.php/User:Simon_Bennetts Simon Bennetts] - [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP] Project leader and [https://www.owasp.org/index.php/Manchester Manchester] Chapter leader | * [https://www.owasp.org/index.php/User:Simon_Bennetts Simon Bennetts] - [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP] and [https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project VWAD] Project leader and [https://www.owasp.org/index.php/Manchester Manchester] Chapter leader | ||
* [https://www.owasp.org/index.php/User:Yvan_Boily Yvan Boily] - [https://www.owasp.org/index.php/Vancouver Vancouver] Chapter leader | * [https://www.owasp.org/index.php/User:Yvan_Boily Yvan Boily] - [https://www.owasp.org/index.php/Vancouver Vancouver] Chapter leader | ||
Mozilla Security team members also frequently talk at OWASP chapter meetings and conferences. | Mozilla Security team members also frequently talk at OWASP chapter meetings and conferences. |
Revision as of 13:12, 10 December 2013
Welcome to the Mozilla Security wiki.
- Security Severity Ratings
- How to report a security issue
- Want to fix a security bug? Here is a list of old thorny bugs you can take on.
Engaging with Security
How To Find Us
Lots of options, we're here to help:
- Security@mozilla.org - email us any questions, concerns, etc.
- Bugzilla Keyword - sec-review-needed - We triage based on this keyword and will jump in to provide assistance
- #security on IRC
- File a security/privacy review request via this link
- Attend a Security Talk given by one of the security team
Security reviews for new features/products/applications
Main Article: Security/Reviews
- Find past reviews by Category:SecReview
The Mozilla Secure Development Lifecycle
- Understand the Secure Development Lifecycle used to secure our new features/products/applications
- Information on Bugzilla and the Security Assurance Component
Security Bug Processes
Request a Security or Privacy Review
- Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
- We'll create and link the corresponding wiki page within the Security Radar
- Security & Privacy Review Request Form
Security Radar
- Unlinked Reviews
- Unlinked Discussions
Security Feature Development
We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the SecurityEngineering page for more info!
Security Initiatives
- Security/TeamEmbedding
- Prioritizing and driving non-feature work: Security/Driving
Security Resources and Blogs
Mozilla Official Sites
- Mozilla Security Center
- Mozilla security developer docs
- Mozilla CA Root Program
- Mozilla Security blog
- Mozilla WebApp Sec Blog
- Secure Coding Guidelines for Webapps
Personal Security Related Blogs of Mozillians
- Lucas Adamski's blog
- Sid Stamm's blog
- Curtis Koenig's blog
- Jesse Ruderman's blog (fuzzing entries, security entries)
- Ian Melven's Mozilla/Security blog
- Christian Holler's blog (decoder)
Twitter Accounts of Security Mozillians
- Mozilla Security
- Mozilla Web Security
- Jesse Ruderman
- Curtis Koenig (all kinds of random stuff)
- Tom Lowenthal (privacy)
- Lucas Adamski
- Alex Fowler
- Yvan Boily
- Daniel Veditz
- Raymond Forbes
- Al Billings (but mostly Buddhist and Hackerspace tweets)
- Ian Melven
- Guillaume Destuynder
- Joe Stevensen
- Gary Kwong (all sorts of stuff)
- Christian Holler (decoder)
- Michael Henry (tinfoil)
- Tanvi Vyas
- Simon Bennetts (psiinon)
- Matt Fuller (mfuller)
- Jeff Bryner (jeff)
OWASP Projects and chapters
The Mozilla Security team is heavily involved with OWASP:
- Curtis Koenig - Louisville Chapter leader
- Mark Goodwin - East Midlands Chapter leader
- Raymond Forbes - Seattle Chapter leader
- Simon Bennetts - ZAP and VWAD Project leader and Manchester Chapter leader
- Yvan Boily - Vancouver Chapter leader
Mozilla Security team members also frequently talk at OWASP chapter meetings and conferences.
Non-Mozilla Resources (blogs, news sites, twitter, tools)
Stuff that needs to be merged into this page properly
Meeting Notes