Enterprise Information Security

Infosec assists Mozillians in defining and operating security controls to ensure that data at Mozilla is protected consistently across the organization.

  • we help you define the risks around your services and data
  • we help projects design and implement security controls
  • we maintain a risk-based inventory of systems and their functional security controls to help Mozilla management determine where to invest in security measures
  • we develop a catalog of services and tools that help you appropriately secure your data
  • we respond to security investigations and incidents
  • we provide baseline practices and assist teams in defining their security standards

Documentation

Guidelines

  • AWS Security: Best practices for securely operating in Amazon Web Services
  • Key Management: Find out which algorithms are recommended, when to expire keys, etc.
  • Kubernetes: A high-level guide to basic security needs for Kubernetes
  • OpenSSH: How to configure and use the OpenSSH server and client securely
  • Phishing: A fraudulent practice of sending emails (or other communications) purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
  • Web Security: What headers, setup, etc. should you follow for your web site?

Risk assessment

IAM

  • OpenID Connect: How to use OpenID Connect securely and improve the user's session experience
  • SAML: How to use SAML securely and improve the user's session experience

Fundamentals

  • Rationales: Explains and justifies the use of specific controls and principles
  • Security Principles: The most important security principles to follow (the baseline)

Contact

Open a ticket with us. For confidential information, encrypt using our public PGP key. Our full fingerprint is 0x85D77543B3D624B63CEA9E6DBC17301B491B3F21

For security incidents, file a bug in Bugzilla under the product/component investigation or incidents.

Our IRC channel is #infosec or #security at irc.mozilla.org.

Members

  • Guillaume Destuynder 🐦 💻 [:kang]
  • Gene Wood [:gene]
  • April King [:April]
  • Andrew Krug [:andrew]
  • Justin Dow [:jabba]
  • Jonathan Claudius [:claudijd]
  • Caglar Ulucenk [:Cag]
  • Tristan Weir [:weir]
    • Alicia Smith [:phrozyn]
    • Brandon Myers [:pwnbus]
    • Lucius Bono [:lucius]
    • Michal Purzynski [:michal`]
    • Emma Rose [:emrose]