Security/Reviews/Review Request Form

From MozillaWiki
Revision as of 02:43, 22 February 2012 by Mcoates (talk | contribs) (Created page with "= Am I in the right place? = The Security Assurance team provides security and privacy reviews for any new product feature, application or service created by Mozilla. These revie...")

Am I in the right place?

The Security Assurance team provides security and privacy reviews for any new product feature, application or service created by Mozilla. These reviews are required before the new code is launched. We have many security reviews each quarter; it is best to file a security review request at the beginning of your project.

What happens during the security & privacy review?

The Security Assurance team will review the design and code to identify security vulnerabilities that could place users or the application/system at risk. In addition, we review the handling of user data to ensure the data is protected with technical controls and handled in line with our privacy principles. Also, don't hesitate to ask us questions at any point during code development. You can reach our team at security@mozilla.com.

Security Assurance Security Review Request

You have two options to engage the Security Assurance team.

  1. Lightweight review of a small patch or security / privacy guidance needed within a bug
    1. Simply use the keyword "sec-review-needed" within the Bugzilla keyword field.
    2. This automatically adds the bug to our triage, and we'll soon jump on the bug to assist as needed.
  1. File a new bug within Bugzilla for the request.
  2. Block an existing deployment request bug with the Security Assurance review bug.
  3. Assign the bug to Product: Mozilla.org and Component: Infrastructure Security.

    Here is a direct Bugzilla link. IMPORTANT: Please use this URL. It populates important data into the bug for tracking purposes. Without this data the request will get lost in Bugzilla.

  4. Make sure to copy mcoates <at> mozilla.com
  5. Within the request, please answer the questions below


Questions to Address within Request Body

Please copy these questions into the bug and answer inline.

  1. Who is/are the point of contact(s) for this review?
  2. Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
  3. Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
  4. Does this request block another bug? If so, please indicate the bug number.
  5. This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
  6. Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
    • Does this feature or code change affect Firefox, Thunderbird or any product or service that Mozilla ships to end users?
    • Are there any portions of the project that interact with 3rd party services?
    • Will your application/service collect user data? If so, please describe.
  7. If you feel something is missing here or you would like to provide other kinds of feedback, feel free to do so here (no limits on size):