Mozilla documents it’s commitment to security during Cyber Security Awareness month
QUOTE: October is National Cyber Security Awareness month and we want to take the opportunity to reiterate Mozilla’s security commitment to the Web. From Firefox for Windows, Mac, Linux and Android to Firefox OS to the Firefox Marketplace, Persona and more – Mozilla is committed to delivering secure applications and services that protect our users’ data and privacy. This is more than just a commitment; it’s even in our manifesto. Individuals’ security on the Internet is fundamental and cannot be treated as optional. http://www.mozilla.org/about/manifesto.html
Let’s take a quick look at the variety of mechanisms we include within our secure software development lifecycle.
* Threat Modeling – During design we gather security experts, developers and architects to evaluate potential risks of a design and ensure proper security controls are present in the design of the new system or feature.
* Fuzzing – Automated scripts and tools send a variety of malformed data into our applications to ensure our products properly handle all sorts of unexpected scenarios that could otherwise lead to vulnerabilities.
* Security Code Review – Our security experts and developers manually review critical code to identify the proper use of security controls and proactively find potential flaws.
* Penetration Testing – We perform the same actions that a real attacker would take against our applications and ensure all security defenses are properly functioning.
* Bug Bounty Program – Mozilla began the first browser bug bounty program in 2004 and expanded to include critical web applications in 2010. This program builds our larger security community and is another way we proactively discovery security issues and provide fixes long before users are ever at risk.