Security Landing

From MozillaWiki
Jump to: navigation, search
“Individuals’ security and privacy on the Internet are 
fundamental and must not be treated as optional.”
  - Mozilla Manifesto Principle 4

The Mozilla Security community provides leadership in security by building security features, testing software and systems, and leading industry standards to ensure that individuals retain the ability to make meaningful choices about security and privacy on the Internet.

This page documents the security-related activities where Mozilla active, and how to join us.

Who Works on Security?

In addition to the role that everyone at Mozilla plays in maintaining the security of Mozilla products and services there are many staff and volunteers dedicated to the challenge. Mozillians has a list of Security Team members. If you need help immediately you can find contact information for individual team members there!

Many Efforts

To create a comprehensive security cover, we approach security and privacy from many angles at Mozilla.

Operations Security 
Network/System Security, Incident detection and response, infrastructure policy development and compliance.
Security Engineering 
Making the web platform more secure! Web security feature development (CSP, HSTS, SSL) and gecko security heavy lifting (Firefox plumbing).
Firefox OS Security
Ensure Firefox OS security throughout OS development lifecycle, make Apps safe and secure, respond to vulnerability and 0day reports on Firefox OS, work with partners to extend our security principles to wherever the Firefox OS brand is employed.
Fuzzing 
We throw random data at a program until something goes wrong, causing faults which are often security related.
Web Services Security 
...

How to Get Involved!

Find Us:

  • #security on IRC
  • security@mozilla.org - email us any questions, concerns, etc
  • Bugzilla flag - sec-review - We look for where our input is needed based on this bugzilla flag and will jump in to provide assistance
  • File a security/privacy review request via this link
  • Attend a Security Talk given by one of the security team
  • Join the dev-security newsgroup or mailing list
  • If you are looking for a specific team member, Check Mozillians!

Follow our work:

Contribute: Wanna pitch in, maybe do a project? Check out SecurityEngineering/Projects or the good first bugs list and if one interests you, contact us!