Security

Welcome to the Mozilla Security wiki.

Security-related bugs

Engaging with Security

How To Find Us

Lot's of options, we're here to help:

Security@mozilla.org - email us any questions, concerns, etc
Bugzilla Keyword - sec-review-needed - We triage based on this keyword and will jump in to provide assistance
#security on IRC
File a security/privacy review request via this link
Attend a Security Talk given by one of the security team

Security reviews for new features/products/applications

Main Article: Security/Reviews

Find past reviews by Category:SecReview

The Mozilla Secure Development Lifecycle

Understand the Secure Development Lifecycle used to secure our new features/products/applications
Information on Bugzilla and the Security Assurance Component

Security Bug Processes

Request a Security or Privacy Review

Complete the questions at the following page to provide the basic info to kickstart a security or privacy review
We'll create and link the corresponding wiki page within the Security Radar
Security & Privacy Review Request Form

Security Radar

Unlinked Reviews
Android System Storage WebBattery BrowserID C API Add crossorigin attribute Sync Dialogue JetPack 2011-10-12 XHR non-post rewrite Stub Installer Sync Client Weave 1.3b5 Client DNSSEC-TLS Web Activities & F1 MouseLock Joystick

Unlinked Discussions
WebRTC

Security Feature Development

We build secure operation and user sovereignty into the web platform and leverage the open web to bring these attributes to more environments. Check out the SecurityEngineering page for more info!

Security Initiatives

Security/TeamEmbedding
Prioritizing and driving non-feature work: Security/Driving

Security Resources and Blogs

Mozilla Official Sites

Personal Security Related Blogs of Mozillians

Twitter Accounts of Security Mozillians

Mozilla Security
Mozilla Web Security
Jesse Ruderman
Curtis Koenig (all kinds of random stuff)
Tom Lowenthal (privacy)
Lucas Adamski
Alex Fowler
Yvan Boily
Daniel Veditz
Raymond Forbes
Al Billings (but mostly Buddhist and Hackerspace tweets)
Ian Melven
Guillaume Destuynder
Joe Stevensen
Gary Kwong (all sorts of stuff)
Christian Holler (decoder)
Michael Henry (tinfoil)
Tanvi Vyas
Simon Bennetts (psiinon)
Matt Fuller (mfuller)
Jeff Bryner (jeff)

OWASP Projects and chapters

The Mozilla Security team is heavily involved with OWASP:

Curtis Koenig - Louisville Chapter leader
Mark Goodwin - East Midlands Chapter leader
Raymond Forbes - Seattle Chapter leader
Simon Bennetts - ZAP and VWAD Project leader and Manchester Chapter leader
Yvan Boily - Vancouver Chapter leader

Mozilla Security team members also frequently talk at OWASP chapter meetings and conferences.

Non-Mozilla Resources (blogs, news sites, twitter, tools)

Other Security Resources

Stuff that needs to be merged into this page properly

Meeting Notes

Meetings

SecTeam Meetings 2012
2012-02-01 2012-01-25 2012-01-18 2012-01-11 2012-01-04

SecTeam Meetings 2011
2011-12-28 2011-12-21 2011-12-14 2011-12-07 2011-11-30 2011-11-23 2011-11-16 2011-11-09 2011-11-02 2011-10-26 2011-10-19 2011-10-12 2011-10-05 2011-09-28 No meeting on 9/14 (All Hands) or 9/21 (Fuzzing Work Week) 2011-09-07 2011-08-31 2011-08-24 Life Cycle discussion 2011-08-17 2011-08-10 2011-07-27 2011-07-20 2011-07-13 2011-07-06 2011-06-29 2011-06-22 2011-06-15 2011-06-08 2011-06-01

Joint Secteam-Infrasec Meetings 2012
2012-01-12

Joint Secteam-Infrasec Meetings 2011
2011-12-15 2011-11-17 2011-10-06 2011-09-08 2011-08-25 2011-08-11 2011-07-28 2011-06-16