Security/Archived/TeamEmbedding

From MozillaWiki
Jump to: navigation, search

What is team embedding?

The Security Assurance team works across all development and innovation centers within Mozilla. Using an embedding strategy the SA team is involved with the design, planning, development and delivery of all products and applications.

The Embedded Approach:

  • Establishes a cohesive approach where all parties have a vested interest in a successful project
  • Addresses security early in the life-cycle where changes are easier and less expensive
  • Increases efficiency by establishing the embedded security rep as an expert on the specific application / product
  • Functions across all portions of the organization to create a holistic view of organizational risk
  • Creates a centralized body of security expertise that can implement standardized security procedures across the organization

Expectations:

  • Security team member will attend the feature team's meetings, contribute to design, and potentially contribute to implementation.
  • Expect to spend at least a few hours a week with the team.
  • Embedding does not mean you're on the hook to do all the reviewing yourself. If something needs a group security review, contact Curtis (curtisk) to get it scheduled.

Who is embedded where?

Product / Feature Embedded Resource(s)
B2G Paul Theriault
Rust Jesse Ruderman
Mobile Mark Goodwin
Sync Simon Bennetts
Services Simon Bennetts
Cloud Services Adam Muntner
Firefox
Jetpack, Add-on SDK, Add-on Builder Dan Veditz
JS Christian Holler
UX/front-end Dan Veditz
DOM, XPconnect Jesse Ruderman
Layout, Style Jesse Ruderman
Automation Tools Gary Kwong
Web Developer Tools Mark Goodwin
Networking Christoph Diehl
Media Christoph Diehl
Gfx Christoph Diehl
Apps Project
Marketplace Adam Muntner
Payments Adam Muntner
Firefox APIs Raymond Forbes
App Sync David Chan
Dynamic API Security Model Raymond Forbes
WebRT
Identity
BrowserID Yvan Boily
Identity Services Yvan Boily
Large Web Projects
Addons.M.O Adam Muntner
Bugzilla.M.O Mark Goodwin & Eric Parker
Mozillians Raymond Forbes
MDN Raymond Forbes
SUMO (Kitsune)
Operations Security
Network Operations Michal Purzynski
Mozilla Foundation Michal Purzynski
Release Engineering Joe Stevensen
Service Operations Guillaume Destuynder
Web Operations Julien Vehent
Firefox OS Security
Performance Paul Theriault
Media Recording Paul Theriault
RIL Paul Theriault
Productivity Frederik Braun
Media Frederik Braun
Systems-Frontend Robert Fletcher
Devices Robert Fletcher
Comms Stéphanie Ouillon
Systems-Platform Stéphanie Ouillon
FxA & Malware prevention Christiane Rütten