Security/Archived/TeamEmbedding: Difference between revisions
< Security
Jump to navigation
Jump to search
| Line 51: | Line 51: | ||
| Web Developer Tools||Mark Goodwin | | Web Developer Tools||Mark Goodwin | ||
|- | |- | ||
| Networking'''|| | | Networking'''|| Christoph Diehl | ||
|- | |- | ||
| Media / Codecs|| Christoph Diehl | | Media / Codecs|| Christoph Diehl | ||
Revision as of 11:21, 6 July 2012
What is team embedding?
The Security Assurance team works across all development and innovation centers within Mozilla. Using an embedding strategy the SA team is involved with the design, planning, development and delivery of all products and applications.
The Embedded Approach:
- Establishes a cohesive approach where all parties have a vested interest in a successful project
- Addresses security early in the life-cycle where changes are easier and less expensive
- Increases efficiency by establishing the embedded security rep as an expert on the specific application / product
- Functions across all portions of the organization to create a holistic view of organizational risk
- Creates a centralized body of security expertise that can implement standardized security procedures across the organization
Expectations:
- Security team member will attend the feature team's meetings, contribute to design, and potentially contribute to implementation.
- Expect to spend at least a few hours a week with the team.
- Embedding does not mean you're on the hook to do all the reviewing yourself. If something needs a group security review, contact Curtis (curtisk) to get it scheduled.
Who is embedded where?
| Product / Feature | Embedded Resource(s) |
| B2G | Paul Theriault |
| Thunderbird | Adam Muntner |
| Rust | Jesse Ruderman |
| Mobile | David Chan |
| Sync | David Chan & Yvan Boily |
| Services | David Chan & Yvan Boily |
| Social - Pancake | Mark Goodwin |
| Firefox | |
| Jetpack, Add-on SDK, Add-on Builder | Dan Veditz |
| JS | Christian Holler |
| UX/front-end | Dan Veditz |
| DOM, XPconnect | Jesse Ruderman |
| Layout, Style | Jesse Ruderman |
| Automation Tools | Gary Kwong |
| Web Developer Tools | Mark Goodwin |
| Networking | Christoph Diehl |
| Media / Codecs | Christoph Diehl |
| Apps Project | |
| Market | Raymond Forbes |
| Firefox APIs | Raymond Forbes |
| Payment Flow | Raymond Forbes |
| App Sync | David Chan |
| Dynamic API Security Model | Raymond Forbes |
| WebRT | |
| Identity | |
| BrowserID | Yvan Boily |
| Identity Services | David Chan |
| Large Web Projects | |
| Addons.M.O | Raymond Forbes |
| Bugzilla.M.O | Mark Goodwin & Eric Parker |
| Mozillians | Raymond Forbes |
| MDN | Raymond Forbes |
| SUMO (Kitsune) |