Ptheriault (talk | contribs) |
No edit summary |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 2: | Line 2: | ||
Date: 2013.11.08 | Date: 2013.11.08 | ||
ToDo: | ToDo: | ||
* | * Final sign off | ||
==Document Purpose== | ==Document Purpose== | ||
Line 23: | Line 21: | ||
* For urgent security reviews, please contact XXXX ? | * For urgent security reviews, please contact XXXX ? | ||
== Bugs using sec-review ? == | === Bugs using sec-review ? === | ||
* The sec-review requestee will be set to a member of the team who will prefrom the neccessary work. | * The sec-review requestee will be set to a member of the team who will prefrom the neccessary work. | ||
* Bugs with work estimate < 1hr | * Bugs with work estimate < 1hr | ||
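Review bot: the urgent-review bullet kept as context above this heading still reads "please contact XXXX ?" on both sides, so this revision leaves the escalation contact as a placeholder; name a team alias or channel there before the "Final sign off" item in the ToDo is closed. The first bullet under the heading also carries "prefrom the neccessary", which should read "perform the necessary".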
Line 31: | Line 29: | ||
* Follow the process below. | * Follow the process below. | ||
==Security Assurance: Review Request== | Tools : [https://wiki.mozilla.org/Security/RiskRatings#What_Scores_Mean Estimation of work] | ||
===Security Assurance: Review Request=== | |||
# Create a bug in the '''Security Assurance: Review Request''' and assign to nobody | # Create a bug in the '''Security Assurance: Review Request''' and assign to nobody | ||
#* If both appsec and opsec involvemnet is needed seperate bugs need to be filled | #* If both appsec and opsec involvemnet is needed seperate bugs need to be filled | ||
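Review bot: the added "Tools :" line labels its link "Estimation of work" while the target is Security/RiskRatings#What_Scores_Mean, and it sits between "Follow the process below." and the demoted heading, attached to neither list; say in the link text that it is the risk rating scale and move it next to the work-estimate bullets it supports. The sub-bullet under step 1 also has "involvemnet", "seperate" and "filled", which should read "involvement", "separate" and "filed".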
Line 38: | Line 38: | ||
# In comment 0 please answer the questions below | # In comment 0 please answer the questions below | ||
=== Questions to Address within Request Body === | ==== Questions to Address within Request Body ==== | ||
#Who is/are the point of contact(s) for this review? | #Who is/are the point of contact(s) for this review? | ||
#Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): | #Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): | ||
Line 50: | Line 50: | ||
#*Will your application/service collect user data? If so, please describe | #*Will your application/service collect user data? If so, please describe | ||
#If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size): | #If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size): | ||
#Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to | #Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite. | ||
== Triage Process == | == Triage Process == |
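Review bot: the "Desired Date of review" item, completed here with "invite.", still sends requesters to a URL under mail.mozilla.com/home/ckoenig@mozilla.com/, which ties the review schedule to one person's mailbox path; point it at a team-owned calendar or wiki page so the link does not depend on a single account.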