Security: Difference between revisions

Revision as of 14:32, 20 November 2012

Welcome to the Mozilla Security wiki.

Security-related bugs

Engaging with Security

How To Find Us

Lot's of options, we're here to help:

Security@mozilla.org - email us any questions, concerns, etc
Bugzilla Keyword - sec-review-needed - We triage based on this keyword and will jump in to provide assistance
#security on IRC
File a security/privacy review request via this link
Attend a Security Talk given by one of the security team

Security reviews for new features/products/applications

Main Article: Security/Reviews

Find past reviews by Category:SecReview

The Mozilla Secure Development Lifecycle

Understand the Secure Development Lifecycle used to secure our new features/products/applications
Information on Bugzilla and the Security Assurance Component

Security Bug Approval Process

Documented Here

Request a Security or Privacy Review

Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
We'll create and link the corresponding wiki page within the Security Radar
Security & Privacy Review Request Form

Security Radar

Unlinked Reviews
Android System Storage WebBattery BrowserID C API Add crossorigin attribute Sync Dialogue JetPack 2011-10-12 XHR non-post rewrite Stub Installer Sync Client Weave 1.3b5 Client DNSSEC-TLS Web Activities & F1 MouseLock Joystick

Unlinked Discussions
WebRTC

Security Feature Development

Main article: Security/Roadmap

Main article: Privacy/Roadmap

Security Initiatives

Security/TeamEmbedding
Prioritizing and driving non-feature work: Security/Driving

Security Resources and Blogs

Mozilla Official Sites

Personal Security Related Blogs of Mozillians

Twitter Accounts of Security Mozillians

Mozilla Security
Mozilla Web Security
Jesse Ruderman
Curtis Koenig (all kinds of random stuff)
Michael Coates
Tom Lowenthal (privacy)
Lucas Adamski
Alex Fowler
Yvan Boily
Daniel Veditz
Raymond Forbes
Al Billings (but mostly Buddhist and Hackerspace tweets)
Ian Melven
Guillaume Destuynder
Gary Kwong (all sorts of stuff)
Christian Holler (decoder)
Michael Henry (tinfoil)
Tanvi Vyas
Simon Bennetts (psiinon)
Matt Fuller (mfuller)

OWASP Projects and chapters

The Mozilla Security team is heavily involved with OWASP:

Michael Coates - OWASP Chair
Curtis Koenig - Louisville Chapter leader
Mark Goodwin - East Midlands Chapter leader
Raymond Forbes - Seattle Chapter leader
Simon Bennetts - ZAP Project leader and Manchester Chapter leader
Yvan Boily - Toronto Chapter leader

Mozilla Security team members also frequently talk at OWASP chapter meetings and conferences.

Non-Mozilla Resources (blogs, news sites, twitter, tools)

Other Security Resources

Stuff that needs to be merged into this page properly

Meeting Notes

Meetings

SecTeam Meetings 2012
2012-02-01 2012-01-25 2012-01-18 2012-01-11 2012-01-04

SecTeam Meetings 2011
2011-12-28 2011-12-21 2011-12-14 2011-12-07 2011-11-30 2011-11-23 2011-11-16 2011-11-09 2011-11-02 2011-10-26 2011-10-19 2011-10-12 2011-10-05 2011-09-28 No meeting on 9/14 (All Hands) or 9/21 (Fuzzing Work Week) 2011-09-07 2011-08-31 2011-08-24 Life Cycle discussion 2011-08-17 2011-08-10 2011-07-27 2011-07-20 2011-07-13 2011-07-06 2011-06-29 2011-06-22 2011-06-15 2011-06-08 2011-06-01

Joint Secteam-Infrasec Meetings 2012
2012-01-12

Joint Secteam-Infrasec Meetings 2011
2011-12-15 2011-11-17 2011-10-06 2011-09-08 2011-08-25 2011-08-11 2011-07-28 2011-06-16

@@ Line 107: / Line 107: @@
 * [https://twitter.com/psiinon Simon Bennetts (psiinon)]
 * [https://twitter.com/matthewdfuller Matt Fuller (mfuller)]
+==== OWASP Projects and chapters ====
+The Mozilla Security team is heavily involved with [https://www.owasp.org/ OWASP]:
+* [https://www.owasp.org/index.php/User:MichaelCoates Michael Coates] - OWASP Chair
+* [https://www.owasp.org/index.php/User:Curtis_Koenig Curtis Koenig] - [https://www.owasp.org/index.php/Louisville Louisville] Chapter leader
+* [https://www.owasp.org/index.php/User:Mark_Goodwin Mark Goodwin] - [https://www.owasp.org/index.php/East_Midlands East Midlands] Chapter leader
+* Raymond Forbes - [https://www.owasp.org/index.php/Seattle Seattle] Chapter leader
+* [https://www.owasp.org/index.php/User:Simon_Bennetts Simon Bennetts] - [https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project ZAP] Project leader and [https://www.owasp.org/index.php/Manchester Manchester] Chapter leader
+* [https://www.owasp.org/index.php/User:Yvan_Boily Yvan Boily] - [https://www.owasp.org/index.php/Toronto Toronto] Chapter leader
+Mozilla Security team members also frequently talk at OWASP chapter meetings and conferences.
 ==== Non-Mozilla Resources (blogs, news sites, twitter, tools) ====

Security: Difference between revisions

Revision as of 14:32, 20 November 2012

Contents

Security-related bugs

Engaging with Security

How To Find Us

Security reviews for new features/products/applications

The Mozilla Secure Development Lifecycle

Security Bug Approval Process

Request a Security or Privacy Review

Security Radar

Security Feature Development

Security Initiatives

Security Resources and Blogs

Mozilla Official Sites

Personal Security Related Blogs of Mozillians

Twitter Accounts of Security Mozillians

OWASP Projects and chapters

Non-Mozilla Resources (blogs, news sites, twitter, tools)

Stuff that needs to be merged into this page properly

Meeting Notes

Navigation menu

Security: Difference between revisions

Revision as of 14:32, 20 November 2012

Security-related bugs

Engaging with Security

How To Find Us

Security reviews for new features/products/applications

The Mozilla Secure Development Lifecycle

Security Bug Approval Process

Request a Security or Privacy Review

Security Radar

Security Feature Development

Security Initiatives

Security Resources and Blogs

Mozilla Official Sites

Personal Security Related Blogs of Mozillians

Twitter Accounts of Security Mozillians

OWASP Projects and chapters

Non-Mozilla Resources (blogs, news sites, twitter, tools)

Stuff that needs to be merged into this page properly

Meeting Notes

Navigation menu

Search