Security
Jump to navigation
Jump to search
“Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.” - Mozilla Manifesto Principle 4
The Mozilla Security community provides leadership in security by building security features, testing software and systems, and leading industry standards to ensure that individuals retain the ability to make meaningful choices about security and privacy on the Internet.
This page documents the security-related activities where Mozilla active, and how to join us.
- Security Severity Ratings
- How to report a security issue
- Want to fix a security bug? Here is a list of old thorny bugs you can take on.
Engaging with Security
How To Find Us
Lots of options, we're here to help:
- Security@mozilla.org - email us any questions, concerns, etc
- Bugzilla Keyword - sec-review-needed - We triage based on this keyword and will jump in to provide assistance
- #security on IRC
- File a security/privacy review request via this link
- Attend a Security Talk given by one of the security team
Security reviews for new features/products/applications
Main Article: Security/Reviews
- Find past reviews by Category:SecReview
The Mozilla Secure Development Lifecycle
- Understand the Secure Development Lifecycle used to secure our new features/products/applications
- Information on Bugzilla and the Security Assurance Component
Security Bug Processes
Request a Security or Privacy Review
- Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
- We'll create and link the corresponding wiki page within the Security Radar
- Security & Privacy Review Request Form
Security Radar
| Unlinked Reviews |
|---|
| Unlinked Discussions |
|---|
Security Feature Development
We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the SecurityEngineering page for more info!
Security Initiatives
- Security/TeamEmbedding
- Prioritizing and driving non-feature work: Security/Driving
- Open Mic Sessions
- Security/Training
Security Resources and Blogs
Mozilla Official Sites
- Mozilla Security Center
- Mozilla security developer docs
- Mozilla CA Root Program
- Mozilla Security blog
- Mozilla WebApp Sec Blog
- Secure Coding Guidelines for Webapps
Personal Security Related Blogs of Mozillians
- Lucas Adamski's blog
- Sid Stamm's blog
- Curtis Koenig's blog
- Jesse Ruderman's blog (fuzzing entries, security entries)
- Ian Melven's Mozilla/Security blog
- Christian Holler's blog (decoder)
- Guillaume Destuynder's blog (kang)
- Julien Vehent's blog (ulfr)
- Michal Purzynski's blog (michal`)
Twitter Accounts of Security Mozillians
- Mozilla Security
- Mozilla Web Security
- Jesse Ruderman
- Yvan Boily
- Daniel Veditz
- Raymond Forbes
- Al Billings (but mostly Buddhist and Hackerspace tweets)
- Guillaume Destuynder
- Joe Stevensen
- Gary Kwong (all sorts of stuff)
- Christian Holler (decoder)
- Tanvi Vyas
- Simon Bennetts (psiinon)
- Jeff Bryner (jeff)
- Julien Vehent (ulfr)
- Gene Wood (gene)
- Michal Purzynski (michal`)
Former members, still Mozillians
OWASP Projects and chapters
The Mozilla Security team is heavily involved with OWASP:
- Curtis Koenig - Louisville Chapter leader
- Mark Goodwin - East Midlands Chapter leader
- Raymond Forbes - Seattle Chapter leader
- Simon Bennetts - ZAP and VWAD Project leader and Manchester Chapter leader
- Yvan Boily - Vancouver Chapter leader
Mozilla Security team members also frequently talk at OWASP chapter meetings and conferences.
Non-Mozilla Resources (blogs, news sites, twitter, tools)
Stuff that needs to be merged into this page properly
Meeting Notes
| Meetings | ||||||||
|---|---|---|---|---|---|---|---|---|
|