Security
Welcome to the Mozilla Security wiki.
- Security Severity Ratings
- How to report a security issue
- Want to fix a security bug? Here is a list of old thorny bugs you can take on.
Engaging with Security
How To Find Us
Lots of options; we're here to help:
- Security@mozilla.org - email us any questions, concerns, etc
- Bugzilla Keyword - sec-review-needed - We triage based on this keyword and will jump in to provide assistance
- #security on IRC
- File a security/privacy review request via this link
- Attend a Security Talk given by one of the security team
Security reviews for new features/products/applications
Main Article: Security/Reviews
- Find past reviews by Category:SecReview
The Mozilla Secure Development Lifecycle
- Understand the Secure Development Lifecycle used to secure our new features/products/applications
- Information on Bugzilla and the Security Assurance Component
Security Bug Processes
- Approval for Landing Security Bugs
- Web Bug Verification Rotation
Request a Security or Privacy Review
- Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
- We'll create and link the corresponding wiki page within the Security Radar
- Security & Privacy Review Request Form
Security Radar
- Unlinked Reviews
- Unlinked Discussions
Security Feature Development
Main article: Security/Roadmap
Main article: Privacy/Roadmap
Security Initiatives
- Security/TeamEmbedding
- Prioritizing and driving non-feature work: Security/Driving
Security Resources and Blogs
Mozilla Official Sites
- Mozilla Security Center
- Mozilla security developer docs
- Mozilla CA Root Program
- Mozilla Security blog
- Mozilla WebApp Sec Blog
- Secure Coding Guidelines for Webapps
Personal Security Related Blogs of Mozillians
- Lucas Adamski's blog
- Sid Stamm's blog
- Curtis Koenig's blog
- Jesse Ruderman's blog (fuzzing entries, security entries)
- Michael Coates
- Ian Melven's Mozilla/Security blog
- Christian Holler's blog (decoder)
Twitter Accounts of Security Mozillians
- Mozilla Security
- Mozilla Web Security
- Jesse Ruderman
- Curtis Koenig (all kinds of random stuff)
- Michael Coates
- Tom Lowenthal (privacy)
- Lucas Adamski
- Alex Fowler
- Yvan Boily
- Daniel Veditz
- Raymond Forbes
- Al Billings (but mostly Buddhist and Hackerspace tweets)
- Ian Melven
- Guillaume Destuynder
- Gary Kwong (all sorts of stuff)
- Christian Holler (decoder)
- Michael Henry (tinfoil)
- Tanvi Vyas
- Simon Bennetts (psiinon)
- Matt Fuller (mfuller)
OWASP Projects and chapters
The Mozilla Security team is heavily involved with OWASP:
- Michael Coates - OWASP Chair
- Curtis Koenig - Louisville Chapter leader
- Mark Goodwin - East Midlands Chapter leader
- Raymond Forbes - Seattle Chapter leader
- Simon Bennetts - ZAP Project leader and Manchester Chapter leader
- Yvan Boily - Vancouver Chapter leader
Mozilla Security team members also frequently talk at OWASP chapter meetings and conferences.
Non-Mozilla Resources (blogs, news sites, twitter, tools)
Stuff that needs to be merged into this page properly
Meeting Notes