Security/Archived/TeamEmbedding
From MozillaWiki
< Security(Redirected from Security/TeamEmbedding)
What is team embedding?
The Security Assurance team works across all development and innovation centers within Mozilla. Using an embedding strategy the SA team is involved with the design, planning, development and delivery of all products and applications.
The Embedded Approach:
- Establishes a cohesive approach where all parties have a vested interest in a successful project
- Addresses security early in the life-cycle where changes are easier and less expensive
- Increases efficiency by establishing the embedded security rep as an expert on the specific application / product
- Functions across all portions of the organization to create a holistic view of organizational risk
- Creates a centralized body of security expertise that can implement standardized security procedures across the organization
Expectations:
- Security team member will attend the feature team's meetings, contribute to design, and potentially contribute to implementation.
- Expect to spend at least a few hours a week with the team.
- Embedding does not mean you're on the hook to do all the reviewing yourself. If something needs a group security review, contact Curtis (curtisk) to get it scheduled.
Who is embedded where?
| Product / Feature | Embedded Resource(s) |
| B2G | Paul Theriault |
| Rust | Jesse Ruderman |
| Mobile | Mark Goodwin |
| Sync | Simon Bennetts |
| Services | Simon Bennetts |
| Cloud Services | Adam Muntner |
| Firefox | |
| Jetpack, Add-on SDK, Add-on Builder | Dan Veditz |
| JS | Christian Holler |
| UX/front-end | Dan Veditz |
| DOM, XPconnect | Jesse Ruderman |
| Layout, Style | Jesse Ruderman |
| Automation Tools | Gary Kwong |
| Web Developer Tools | Mark Goodwin |
| Networking | Christoph Diehl |
| Media | Christoph Diehl |
| Gfx | Christoph Diehl |
| Apps Project | |
| Marketplace | Adam Muntner |
| Payments | Adam Muntner |
| Firefox APIs | Raymond Forbes |
| App Sync | David Chan |
| Dynamic API Security Model | Raymond Forbes |
| WebRT | |
| Identity | |
| BrowserID | Yvan Boily |
| Identity Services | Yvan Boily |
| Large Web Projects | |
| Addons.M.O | Adam Muntner |
| Bugzilla.M.O | Mark Goodwin & Eric Parker |
| Mozillians | Raymond Forbes |
| MDN | Raymond Forbes |
| SUMO (Kitsune) | |
| Operations Security | |
| Network Operations | Michal Purzynski |
| Mozilla Foundation | Michal Purzynski |
| Release Engineering | Joe Stevensen |
| Service Operations | Guillaume Destuynder |
| Web Operations | Julien Vehent |
| Firefox OS Security | |
| Performance | Paul Theriault |
| Media Recording | Paul Theriault |
| RIL | Paul Theriault |
| Productivity | Frederik Braun |
| Media | Frederik Braun |
| Systems-Frontend | Robert Fletcher |
| Devices | Robert Fletcher |
| Comms | Stéphanie Ouillon |
| Systems-Platform | Stéphanie Ouillon |
| FxA & Malware prevention | Christiane Rütten |
