Security/Program Management: Difference between revisions
(Creating Security Program Management wiki page) |
No edit summary |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
This document describes the Security Program Management function at Mozilla. If you have questions, please contact [mailto: | This document describes the Security Program Management function at Mozilla. If you have questions, please contact [mailto:curtisk@mozilla.com Curtis Koenig] or [mailto:abillings@mozilla.com Al Billings], the Security Program Managers. | ||
== External Communications == | == External Communications == | ||
Line 9: | Line 9: | ||
== Security Metrics == | == Security Metrics == | ||
* Raise awareness within the organization of key product security metrics | * Raise awareness within the organization of key product security metrics | ||
** | ** Open Security Bugs | ||
** Client software crashes | ** Client software crashes | ||
Line 28: | Line 28: | ||
** [[Security/Origin|Origin header]] | ** [[Security/Origin|Origin header]] | ||
* Drive implementation of security features, contributing to implementation where possible | * Drive implementation of security features, contributing to implementation where possible | ||
== New product and feature tracking == | |||
* Track new products and new product features to ensure they are reviewed | |||
* Manage internal and external testing schedules |
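Review bot: The added heading "== New product and feature tracking ==" is in sentence case, while the existing headings visible in this diff ("== External Communications ==", "== Security Metrics ==") use title case; suggest "== New Product and Feature Tracking ==" for consistency. The first added bullet says new products and features are "reviewed" without stating what kind of review is meant or who performs it; naming the review would make the responsibility checkable.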
Latest revision as of 14:42, 31 January 2013
This document describes the Security Program Management function at Mozilla. If you have questions, please contact Curtis Koenig or Al Billings, the Security Program Managers.
External Communications
- Ensure responses are sent to inquiries made to security@mozilla.org
  - Researchers reporting vulnerabilities
  - Users reporting security problems with Mozilla products
- Help Mozilla Press produce responses to security-related questions from the media
Security Metrics
- Raise awareness within the organization of key product security metrics
  - Open Security Bugs
  - Client software crashes
Security Releases
- Help release drivers triage bugs needed on the stable branches
- Publish advisories for the security bugs fixed in each release
- Support Release Drivers, QA, and Release Engineering teams during out-of-band "firedrill" releases
Secure Development Lifecycle
- Develop material to increase awareness of and utilization of security best practices by Mozilla developers
  - Secure Development Guidelines
  - Mozilla JavaScript Security Training
- Deliver security training sessions to developers and QA engineers
Security Feature Development
- Help design security features
- Drive implementation of security features, contributing to implementation where possible
New product and feature tracking
- Track new products and new product features to ensure they are reviewed
- Manage internal and external testing schedules