Security/Archived/TeamEmbedding

What is team embedding?

The Security Assurance team works across all development and innovation centers within Mozilla. Using an embedding strategy the SA team is involved with the design, planning, development and delivery of all products and applications.

The Embedded Approach:

Establishes a cohesive approach where all parties have a vested interest in a successful project
Addresses security early in the life-cycle where changes are easier and less expensive
Increases efficiency by establishing the embedded security rep as an expert on the specific application / product
Functions across all portions of the organization to create a holistic view of organizational risk
Creates a centralized body of security expertise that can implement standardized security procedures across the organization

Expectations:

Security team member will attend the feature team's meetings, contribute to design, and potentially contribute to implementation.
Expect to spend at least a few hours a week with the team.
Embedding does not mean you're on the hook to do all the reviewing yourself. If something needs a group security review, contact Curtis (curtisk) to get it scheduled.

Who is embedded where?

Product / Feature	Embedded Resource(s)
B2G	Paul Theriault
Thunderbird	Adam Muntner
Rust	Jesse Ruderman
Mobile	David Chan
Sync	Simon Bennetts
Services	Simon Bennetts
Firefox
Jetpack, Add-on SDK, Add-on Builder	Dan Veditz
JS	Christian Holler
UX/front-end	Dan Veditz
DOM, XPconnect	Jesse Ruderman
Layout, Style	Jesse Ruderman
Automation Tools	Gary Kwong
Web Developer Tools	Mark Goodwin
Networking	Christoph Diehl
Media / Codecs	Christoph Diehl
Apps Project
Market	Raymond Forbes
Firefox APIs	Raymond Forbes
Payment Flow	Raymond Forbes
App Sync	David Chan
Dynamic API Security Model	Raymond Forbes
WebRT
Identity
BrowserID	Yvan Boily
Identity Services	Yvan Boily
Large Web Projects
Addons.M.O	Raymond Forbes
Bugzilla.M.O	Mark Goodwin & Eric Parker
Mozillians	Raymond Forbes
MDN	Raymond Forbes
SUMO (Kitsune)