Component Tracking
Firefox
| Component
|
Security Resource
|
Next Milestone
|
Project Page
|
Data Flow Diagrams
|
Threat Model
|
Security Code Review Bug
|
Security Review
|
Status (At Risk | On Track)
|
Security Approved For Beta Launch?
|
| Firefox
|
|
|
|
|
|
|
|
|
| Mobile App API
|
|
|
|
|
|
|
|
|
| Desktop App API
|
|
|
|
|
|
|
|
|
| Desktop App Extension
|
|
|
|
data flow
|
|
|
|
|
| B2G API
|
|
|
|
|
|
|
|
|
WebRT
| Component
|
Security Resource
|
Next Milestone
|
Project Page
|
Data Flow Diagrams
|
Threat Model
|
Security Code Review Bug
|
Security Review
|
Status (At Risk | On Track)
|
Security Approved For Beta Launch?
|
| Mobile Firefox "App Mode"
|
|
|
|
|
|
|
|
|
| Desktop Firefox "App Mode"
|
|
|
|
|
|
|
|
|
| Android Soup
|
|
|
|
|
|
|
|
|
| Desktop XUL App
|
|
|
|
|
|
|
|
|
|
| Windows Launcher
|
|
|
|
|
|
|
|
|
| Mac Launcher
|
|
|
|
|
|
|
|
|
| Linux Launcher
|
|
|
|
|
|
|
|
|
| HTML5 dashboard
|
|
|
|
|
|
|
|
|
MarketPlace
| Component
|
Security Resource
|
Next Milestone
|
Project Page
|
Data Flow Diagrams
|
Threat Model
|
Security Code Review Bug
|
Security Review
|
Status (At Risk | On Track)
|
Security Approved For Beta Launch?
|
| App display-and-install flow
|
Raymond Forbes
|
|
link
|
|
|
|
|
|
| App purchase flow
|
Raymond Forbes
|
|
link
|
link
|
|
link
|
link
|
|
| In App purchase flow
|
Raymond Forbes
|
|
|
|
|
|
|
|
| Refund/Chargeback Process
|
Raymond Forbes
|
|
|
|
|
|
|
|
| App receipt generation
|
Raymond Forbes
|
|
|
|
|
|
|
|
| App receipt verification
|
Raymond Forbes
|
|
|
|
|
|
|
|
Sync
| Component
|
Security Resource
|
Next Milestone
|
Project Page
|
Data Flow Diagrams
|
Threat Model
|
Security Code Review Bug
|
Security Review
|
Status (At Risk | On Track)
|
Security Approved For Beta Launch?
|
| App Sync service
|
|
|
link
|
|
|
|
|
|
| Sauropod Data Storage
|
|
|
Pending - possible sync backend
|
|
|
|
|
|
Identity
| Component
|
Security Resource
|
Next Milestone
|
Project Page
|
Data Flow Diagrams
|
Threat Model
|
Security Code Review Bug
|
Security Review
|
Status (At Risk | On Track)
|
Security Approved For Beta Launch?
|
| BrowserID Authentication
|
|
|
|
|
|
|
|
|
| Native App Silent Install
|
|
|
|
|
|
|
|
|
Dynamic API Security
| Component
|
Security Resource
|
Next Milestone
|
Project Page
|
Data Flow Diagrams
|
Threat Model
|
Security Code Review Bug
|
Security Review
|
Status (At Risk | On Track)
|
Security Approved For Beta Launch?
|
| Apps API Permission Model
|
|
|
|
|
|
|
|
|
Plan for regulating APIs
based on App Status
|
|
|
|
|
|
|
|
|
| App Review
|
|
|
|
|
|
|
|
|
| App Revocation
|
|
|
|
|
|
|
|
|
Security Review Details
Data Flow Diagrams
Sequence diagrams (example) or descriptions of data movement (example)
Threat Model
Completed threat model - example
Security Code Review Bug
Bugzilla link for a security based code review of the major code involved in this component
Security Review
Link, if necessary, to a larger security review page that will track a variety of actions.
Timeline
This isn't the official progress tracker; however, the following health checks are planned:
- Data flow diagrams - Before December 25
- Threat Models - By January 15
| Component Areas
|
Project Page Available
|
'
|
Spec/Plan Complete
|
'
|
Data Flows Documented
|
'
|
Threat Modeling
|
'
|
Coding Complete
|
'
|
Security Code Review Complete
|
'
|
|
Target |
Actual |
Target |
Actual |
Target |
Actual |
Target |
Actual |
Target |
Actual |
Target |
Actual
|
| 1.1 Firefox |
15-Dec |
|
27-Dec |
|
NA |
|
15-Jan |
|
5-Feb |
|
15-Feb |
|
| 1.2 WebRT |
15-Dec |
|
27-Dec |
|
31-Dec |
|
15-Jan |
|
5-Feb |
|
15-Feb |
|
| 1.3 MarketPlace |
15-Dec |
|
27-Dec |
|
31-Dec |
|
15-Jan |
|
5-Feb |
|
15-Feb |
|
| 1.4 Sync |
15-Dec |
|
27-Dec |
|
31-Dec |
|
15-Jan |
|
5-Feb |
|
15-Feb |
|
| 1.5 Identity |
15-Dec |
|
27-Dec |
|
31-Dec |
|
15-Jan |
|
5-Feb |
|
15-Feb |
|
| 1.6 Dynamic API Security |
15-Dec |
|
27-Dec |
|
31-Dec |
|
15-Jan |
|
5-Feb |
|
15-Feb |
|