Security/Archived/TeamEmbedding: Difference between revisions
< Security
Jump to navigation
Jump to search
m (Amuntner moved page Security/TeamEmbedding to Security/Archived/TeamEmbedding: Out of date page, no longer used. Archiving for historical purposes.) |
|||
| (38 intermediate revisions by 14 users not shown) | |||
| Line 1: | Line 1: | ||
==What is team embedding?== | ==What is team embedding?== | ||
*Security team member will attend the feature team's meetings, contribute to design, and potentially contribute to | |||
The Security Assurance team works across all development and innovation centers within Mozilla. Using an embedding strategy the SA team is involved with the design, planning, development and delivery of all products and applications. | |||
The Embedded Approach: | |||
* Establishes a cohesive approach where all parties have a vested interest in a successful project | |||
* Addresses security early in the life-cycle where changes are easier and less expensive | |||
* Increases efficiency by establishing the embedded security rep as an expert on the specific application / product | |||
* Functions across all portions of the organization to create a holistic view of organizational risk | |||
* Creates a centralized body of security expertise that can implement standardized security procedures across the organization | |||
Expectations: | |||
*Security team member will attend the feature team's meetings, contribute to design, and potentially contribute to implementation. | |||
*Expect to spend at least a few hours a week with the team. | *Expect to spend at least a few hours a week with the team. | ||
*Embedding does not mean you're on the hook to do all the reviewing yourself. If something needs a group security review, contact Curtis (curtisk) to get it scheduled. | *Embedding does not mean you're on the hook to do all the reviewing yourself. If something needs a group security review, contact Curtis (curtisk) to get it scheduled. | ||
==Who is embedded where?== | ==Who is embedded where?== | ||
{| border="1" class="fullwidth-table sortable" | |||
| align="center" style="background:#f0f0f0;"|'''Product / Feature''' | |||
| align="center" style="background:#f0f0f0;"|'''Embedded Resource(s)''' | |||
|- | |||
| B2G||Paul Theriault | |||
|- | |||
| Rust||Jesse Ruderman | |||
|- | |||
| Mobile||Mark Goodwin | |||
|- | |||
| Sync ||Simon Bennetts | |||
|- | |||
| Services||Simon Bennetts | |||
|- | |||
| Cloud Services||Adam Muntner | |||
|- | |||
| align="center" style="background:#f0f0f0;"|'''Firefox''' | |||
| align="center" style="background:#f0f0f0;"| | |||
|- | |||
| Jetpack, Add-on SDK, Add-on Builder||Dan Veditz | |||
|- | |||
| JS||Christian Holler | |||
|- | |||
| UX/front-end|| Dan Veditz | |||
|- | |||
| DOM, XPconnect||Jesse Ruderman | |||
|- | |||
| Layout, Style||Jesse Ruderman | |||
|- | |||
| Automation Tools||Gary Kwong | |||
|- | |||
| Web Developer Tools||Mark Goodwin | |||
|- | |||
| Networking'''|| Christoph Diehl | |||
|- | |||
| Media || Christoph Diehl | |||
|- | |||
| Gfx || Christoph Diehl | |||
|- | |||
| align="center" style="background:#f0f0f0;"|'''Apps Project''' | |||
| align="center" style="background:#f0f0f0;"| | |||
|- | |||
| Marketplace||Adam Muntner | |||
|- | |||
| Payments||Adam Muntner | |||
|- | |||
| Firefox APIs||Raymond Forbes | |||
|- | |||
| App Sync||David Chan | |||
|- | |||
| Dynamic API Security Model||Raymond Forbes | |||
|- | |||
| WebRT|| | |||
|- | |||
| align="center" style="background:#f0f0f0;"|'''Identity''' | |||
| align="center" style="background:#f0f0f0;"| | |||
|- | |||
| BrowserID||Yvan Boily | |||
|- | |||
| Identity Services||Yvan Boily | |||
|- | |||
| align="center" style="background:#f0f0f0;"|'''Large Web Projects''' | |||
| align="center" style="background:#f0f0f0;"| | |||
|- | |||
| Addons.M.O||Adam Muntner | |||
|- | |||
| Bugzilla.M.O||Mark Goodwin & Eric Parker | |||
|- | |||
| Mozillians||Raymond Forbes | |||
|- | |||
| MDN||Raymond Forbes | |||
|- | |||
| SUMO (Kitsune)|| | |||
|- | |||
| align="center" style="background:#f0f0f0;"|'''Operations Security''' | |||
| align="center" style="background:#f0f0f0;"| | |||
|- | |||
| Network Operations || Michal Purzynski | |||
|- | |||
| Mozilla Foundation || Michal Purzynski | |||
|- | |||
| Release Engineering || Joe Stevensen | |||
|- | |||
| Service Operations || Guillaume Destuynder | |||
|- | |||
| Web Operations || Julien Vehent | |||
|- | |||
| align="center" style="background:#f0f0f0;"|'''Firefox OS Security''' | |||
| align="center" style="background:#f0f0f0;"| | |||
|- | |||
| Performance || Paul Theriault | |||
|- | |||
| Media Recording || Paul Theriault | |||
|- | |||
| RIL || Paul Theriault | |||
|- | |||
| Productivity || Frederik Braun | |||
|- | |||
| Media || Frederik Braun | |||
|- | |||
| Systems-Frontend || Robert Fletcher | |||
|- | |||
| Devices || Robert Fletcher | |||
|- | |||
| Comms || Stéphanie Ouillon | |||
|- | |||
| Systems-Platform || Stéphanie Ouillon | |||
|- | |||
| FxA & Malware prevention || Christiane Rütten | |||
|} | |||
Latest revision as of 19:23, 25 April 2016
What is team embedding?
The Security Assurance team works across all development and innovation centers within Mozilla. Using an embedding strategy the SA team is involved with the design, planning, development and delivery of all products and applications.
The Embedded Approach:
- Establishes a cohesive approach where all parties have a vested interest in a successful project
- Addresses security early in the life-cycle where changes are easier and less expensive
- Increases efficiency by establishing the embedded security rep as an expert on the specific application / product
- Functions across all portions of the organization to create a holistic view of organizational risk
- Creates a centralized body of security expertise that can implement standardized security procedures across the organization
Expectations:
- Security team member will attend the feature team's meetings, contribute to design, and potentially contribute to implementation.
- Expect to spend at least a few hours a week with the team.
- Embedding does not mean you're on the hook to do all the reviewing yourself. If something needs a group security review, contact Curtis (curtisk) to get it scheduled.
Who is embedded where?
| Product / Feature | Embedded Resource(s) |
| B2G | Paul Theriault |
| Rust | Jesse Ruderman |
| Mobile | Mark Goodwin |
| Sync | Simon Bennetts |
| Services | Simon Bennetts |
| Cloud Services | Adam Muntner |
| Firefox | |
| Jetpack, Add-on SDK, Add-on Builder | Dan Veditz |
| JS | Christian Holler |
| UX/front-end | Dan Veditz |
| DOM, XPconnect | Jesse Ruderman |
| Layout, Style | Jesse Ruderman |
| Automation Tools | Gary Kwong |
| Web Developer Tools | Mark Goodwin |
| Networking | Christoph Diehl |
| Media | Christoph Diehl |
| Gfx | Christoph Diehl |
| Apps Project | |
| Marketplace | Adam Muntner |
| Payments | Adam Muntner |
| Firefox APIs | Raymond Forbes |
| App Sync | David Chan |
| Dynamic API Security Model | Raymond Forbes |
| WebRT | |
| Identity | |
| BrowserID | Yvan Boily |
| Identity Services | Yvan Boily |
| Large Web Projects | |
| Addons.M.O | Adam Muntner |
| Bugzilla.M.O | Mark Goodwin & Eric Parker |
| Mozillians | Raymond Forbes |
| MDN | Raymond Forbes |
| SUMO (Kitsune) | |
| Operations Security | |
| Network Operations | Michal Purzynski |
| Mozilla Foundation | Michal Purzynski |
| Release Engineering | Joe Stevensen |
| Service Operations | Guillaume Destuynder |
| Web Operations | Julien Vehent |
| Firefox OS Security | |
| Performance | Paul Theriault |
| Media Recording | Paul Theriault |
| RIL | Paul Theriault |
| Productivity | Frederik Braun |
| Media | Frederik Braun |
| Systems-Frontend | Robert Fletcher |
| Devices | Robert Fletcher |
| Comms | Stéphanie Ouillon |
| Systems-Platform | Stéphanie Ouillon |
| FxA & Malware prevention | Christiane Rütten |