Security/Archived/Reviews/: Difference between revisions

Line 2: Line 2:
[https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review Security Review Calendar (.ics)]<br>
[https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review Security Review Calendar (.ics)]<br>
[https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html Security Review Calendar (HTML)]<br>
[https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html Security Review Calendar (HTML)]<br>
[[Security/Reviews/Archive | Security Review Archive]]<br>
[[Security/Radar/complete | Security Review Archive]]<br>


===IRC Channel===
===IRC Channel===
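Review bot: the only substantive change in this hunk is the archive link target, which moves from [[Security/Reviews/Archive]] to [[Security/Radar/complete]] while the visible label stays "Security Review Archive"; since the new target's name does not mention an archive, consider updating the label (or noting on the Radar page that it is the archive) so readers are not surprised by where the link lands. The unchanged calendar links in the same hunk still point at a single person's mailbox path under mail.mozilla.com; a team-owned location would avoid the calendar becoming unreachable if that account changes.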

Revision as of 18:12, 26 October 2011

Security Review Template
Security Review Calendar (.ics)
Security Review Calendar (HTML)
Security Review Archive

IRC Channel

Unless otherwise noted on the agenda for a review, the IRC channel for reviews is #security.

Scheduling a Review

  1. Review the Sec Review Calendar (linked above) for an open slot. Open slots are any date that has just 'SecReview' as the meeting topic. If a slot has 'SecReview: <something>', then that slot is taken.
  2. Send an email with a link to the feature page and your desired slot date to secteam at mozilla dot com.


Design Review

All features, regardless of size, should have a design review. These should occur before any code lands in Mozilla Central (MC); the goal is to find architectural flaws that may result in serious security issues. When a feature page is created, a security contact should be specified for the feature to ensure the smoothest integration of security input and reviews. If you find you are missing such a contact, please email secteam at mozilla dot com to have one assigned. The level of work required for a design review will vary depending on factors such as the complexity of the feature, changes to known fragile code, and whether the feature alters the security posture of the product or of Mozilla as a whole. Design reviews may be followed up with implementation reviews, fuzz testing, outside code review, or other security tasks as deemed necessary to ensure the safety and security of our users.

Implementation Review

Just as it sounds, this is a review of a patch and its corresponding implementation before that patch lands in a widely used branch (MC, Aurora, Beta, etc.). Not all patches will require a security review; however, if a patch is deemed to need a security review and one is not completed, that patch may be backed out until such a review is completed. Patch owners will most often be contacted by the security team for such a review; however, we encourage patch authors to be proactive and contact secteam when they are in doubt or feel a security review would be beneficial.

Tracking Features for Review

Current features are being tracked for review here: https://wiki.mozilla.org/Security/Radar

Firefox

Mozilla Apps Project