Security/Champions: Difference between revisions
< Security
Jump to navigation
Jump to search
| Line 51: | Line 51: | ||
|Front End|| Jared Wein || | |Front End|| Jared Wein || | ||
|- | |- | ||
|Web Productions|| Andrei Hajdukewycz || | |||
|- | |- | ||
|||Matthew Noorenberghe || | |||Matthew Noorenberghe || | ||
Revision as of 23:02, 19 February 2013
Security Champions
Engagement Program
Path For Growth
Contributor
- Regular contributor with an interest in security
- Participates in security review activities appropriate with skill level
- participates in public security discussions and IRC channel (#security)
Security Contributor (Bug Bounty Reporters/Patch submitters)
- All activities associated with a contributor
- Contributes security documentation and/or other related content [1]
- Files security bugs (may or may not be pursuing bounties)
- Submits patches for or reviews patches security bugs
- Access to non-self security-sensitive bugs on an as needed basis
Security Champion
- Security Champions are active members of a team that make help to make decisions about when to engage others from the Security Team
- Recognized as an expert on a product with security knowledge and expertise
- Typically embedded within a team, providing guidance and expertise for that team
- Act as the "voice" of security for the given product
- Has access to security bugs for the given product
Security Mentors
- Security Champions for Domains - an expert on a certain domain of security such as cryptography, javascript, memory models, fuzzing, etc
- willing to mentor those that have questions or need guidance in a more general way
Security Group
- Governed by "Mozilla Security Group Membership Policy" https://www.mozilla.org/projects/security/membership-policy.html
- Member of security group; has visibility into security bugs, and responsibilities to help address those concerns
- Should be able to speak with authority and drive action within the Mozilla Community to address areas of security concern and act as an escalation path for Security Champions and Security Mentors
- May also act as Security Contributor, Security Champion or Security Mentor depending on individual impetus
[1] Related content may include but is not limited to: Brown Bags, Conference Talks, MDN documentation, Security Review Documentation, Foundational Security Documents (Flow Diagrams, Threat Models, etc), Security Tool contributions, Vulnerability Defence Documentation
Responsibilities
Security Champions
| Champion | Area | Point of Contact |
|---|---|---|
| Labs/Foundation | Atul Varma | Mark Goodwin |
| Labs/Identity | Brian Warner | |
| Marketplace | Andrew McKay | |
| WebDev | James Socol | |
| Front End | Jared Wein | |
| Web Productions | Andrei Hajdukewycz | |
| Matthew Noorenberghe | ||
| Felipe Gomes |