Security/B2G: Difference between revisions

From MozillaWiki
Line 13: Line 13:
  |}
  |}


==Ongoing work==
==Team Responsibilities==
# FirefoxOS related security reviews : [http://scrumbu.gs/p/firefox-os-security-reviews/]
 
# Document Firefox OS Security : [[Security/B2G/Documentation]]
==== Security Assurance ====
''Objective: “Ensure security throughout OS development lifecycle”''
* Embedding/team support/security guidance
* Catching security oversights
* Identifying and promoting good security practices (consistency, patterns and practices)
* Closing the bug loop, pushing security bugs to resolution   
 
==== Security Improvement ====
''Objective: “Drive security improvements to support evolving device and app requirements, and to bring us to parity with other mobile platforms”''
* Update Firefox OS Application security model to address emerging APIs, use cases and threats
* Coordinate between platform & B2G teams on security feature development
* Contribute patches for minor security improvements
* Coordinating/encouraging community security contributions
* Drive development of new security features (e.g. crypto support)
 
==== Ecosystem Security ====
''Objective: “Empower community to help secure Firefox OS”''
* Improve effectiveness and scalability of Marketplace security review process
* Provide security guidance to developers & reviewers (e.g MDN documentation)
* Development of tools for app developers & reviewers
* App security incident response (vulnerable or malicious apps)
 
==== Partner Security Program ====
''Objective: “Help and monitor partners to ensure our users are protected”''
* Work with partners to ensure security of vendor modifications & co-ordinate security updates
* Enforce security through partner certification program
* Security incident response, management, and partner fix coordination


== Useful Links ==
== Useful Links ==

Revision as of 05:24, 14 April 2014

Firefox OS Security Team

Summary

Lead: Paul Theriault (irc: pauljt)
Team Members: Rob Fletcher (irc: omerta), Frederick Braun (irc: freddyb), Christiane Ruetten (irc: cr), Stéphanie Ouillon (irc: arroway)
References: Firefox OS Security Model Overview

Team Responsibilities

Security Assurance

Objective: “Ensure security throughout OS development lifecycle”

  • Embedding/team support/security guidance
  • Catching security oversights
  • Identifying and promoting good security practices (consistency, patterns and practices)
  • Closing the bug loop, pushing security bugs to resolution

Security Improvement

Objective: “Drive security improvements to support evolving device and app requirements, and to bring us to parity with other mobile platforms”

  • Update Firefox OS Application security model to address emerging APIs, use cases and threats
  • Coordinate between platform & B2G teams on security feature development
  • Contribute patches for minor security improvements
  • Coordinating/encouraging community security contributions
  • Drive development of new security features (e.g. crypto support)

Ecosystem Security

Objective: “Empower community to help secure Firefox OS”

  • Improve effectiveness and scalability of Marketplace security review process
  • Provide security guidance to developers & reviewers (e.g. MDN documentation)
  • Development of tools for app developers & reviewers
  • App security incident response (vulnerable or malicious apps)

Partner Security Program

Objective: “Help and monitor partners to ensure our users are protected”

  • Work with partners to ensure security of vendor modifications & co-ordinate security updates
  • Enforce security through partner certification program
  • Security incident response, management, and partner fix coordination

Useful Links

Wiki

MDN

Various


Meetings

Connection Information

  • Dial-in:
    • +1 650 903 0800 x92 Conf 98500#
    • +1 416 848 3114 x92 Conf 98500#
    • +1 800 707 2533 (pin 369) Conf 98500# (toll free, Skype)
  • Vidyo: B2G Vidyo room

FirefoxOS Security Weekly Meeting

  • Time: Tuesdays 1330 PDT / 2130 CET / 0430 CST / 2130 UTC
  • Notes during the meeting are captured on this etherpad.

Subpages of Security/B2G