Security/B2G/Team responsibilities

From MozillaWiki
< Security‎ | B2G
Jump to: navigation, search


Firefox OS Security Team Responsibilities

Security Assurance

Ensure security throughout OS development lifecycle

  • Embedding/team support/security guidance
  • Catching security oversights
  • Identifying and promoting good security practices (consistency, patterns and practices)
  • Closing the bug loop, pushing security bugs to resolution

Security Improvement

Drive security improvements to support evolving device and app requirements, and to bring us to parity with other mobile platforms

  • Update Firefox OS Application security model to address emerging APIs, use cases and threats
  • Coordinate between platform & B2G teams on security feature development
  • Contribute patches for minor security improvements
  • Coordinating/encouraging community security contributions
  • Drive development of new security features (e.g. sandboxing, crypto support)

Ecosystem Security

Empower community to help secure Firefox OS

  • Improve effectiveness and scalability of Marketplace security review process
  • Provide security guidance to developers & reviewers (e.g MDN documentation)
  • Development of tools for app developers & reviewers
  • App security incident response (vulnerable or malicious apps)

Partner Security Program

Help and monitor partners to ensure our users are protected

  • Work with partners to ensure security of vendor modifications & co-ordinate security updates
  • Enforce security through partner certification program
  • Security incident response, management, and partner fix coordination