+dev-b2g for additional input/thoughts Thanks, Chris
----- Original Message ----- > From: "Jim Porter" <[email protected]> > To: "Chris Lee" <[email protected]>, "martin kurze" <[email protected]>, > [email protected] > Sent: Tuesday, September 17, 2013 6:20:43 PM > Subject: Firefox OS security discussion > > Hi all, > > At the Oslo work week, we talked about some of the difficulties outside > contributors have with reporting security issues in Firefox OS to > Mozilla. My understanding is that there's one main contact at Mozilla, > with a few people under him. There was a little confusion about that, > but I believe that's what Chris Lee said when I asked. > > Since security is really important, we should try to come up with ways > to make it easier for non-Mozilla people to know where to go with > security issues. > > One thing that might help, and which is relatively simple, would be for > each of the functional teams (Media Apps, Browser, etc) to have a > designated security contact. They would keep up-to-date with the > existing Firefox OS security group and also help direct security-related > questions to the right people. > > There are probably other things that would help, e.g. thinking about > what kind of Bugzilla permissions we need to make things easier. Since > many of Mozilla's partners are competitors, we'd need to be careful. I'm > not entirely sure what we'd do here, since I don't currently have access > to security-sensitive bugs in the first place, but maybe those who do > would have ideas. > > We should also make sure that whatever the process is, it's > well-documented and communicated to everyone, so that no one feels lost > when reporting a security issue. > > Obviously, feel free to suggest other things (including things I may > have forgotten!) and/or add other people to the discussion who might > have some good insights. > > - Jim > _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
