Closed Bug 1116499 Opened 10 years ago Closed 10 years ago

Change/add components for OpSec (currently at mozilla.org:Security Asssurance:OpSec)

Categories

(bugzilla.mozilla.org :: Administration, task)

Product:
bugzilla.mozilla.org
Component:
Administration
Version:
Production
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: kang, Assigned: reed)

Details

Hi! I'm filling this bug on behalf of the OpSec Mozilla corporation team (Operations Security) as we would like some changes in our Bugzilla components. Currently we have: ------------------ product: mozilla.org Security Assurance: Operations We would like to disable them and add new components instead: ------------------------------------------------------------ Operations Security (OpSec): General Operations Security (OpSec): Review Operations Security (OpSec): Investigation Operations Security (OpSec): Incident Operations Security (OpSec): MIG Operations Security (OpSec): NSM Operations Security (OpSec): MozDef Here's the detailed version of the changes: ------------------------------------------- product: mozilla.org (for all components below) Assignee: nobody@mozilla.org (for all components below) QA Contact: empty (for all components below) Operations Security (OpSec): General Description: Bugs related to the operations security (OpSec) team. These include server/network related security issues. See also https://wiki.mozilla.org/Security/OpSec Operations Security (OpSec): Review Description: OpSec security review and rapid risk assessments. Operations Security (OpSec): Investigation Description: Think you might have a security incident but need help figuring it out? Leaked passwords but don't know if they've been used? It goes here. If attack is in progress or data has been leaked and used/seen by third parties, use the Incident component instead. Flags: infrasec (Private Infrastructure Security Bug) Operations Security (OpSec): Incident Description: Used whenever a security breach, data leak, or event occurs that requires incident response. Flags: infrasec (Private Infrastructure Security Bug) Operations Security (OpSec): MIG Description: For MIG, the Mozilla InvestiGator. Operations Security (OpSec): NSM Description: For NSM, the Network Security Monitoring running at Mozilla. Operations Security (OpSec): MozDef Description: For MozDef, the Mozilla Defense platform - Mozilla's SIEM. Disabling the old components ----------------------------- DISABLE: Security Assurance: Operations (superseded by Operations Security (OpSec): *) DISABLE: Security Assurance: Incident (superseded by Operations Security (OpSec): Incident) ps: https://wiki.mozilla.org/BMO/Requesting_Changes#Retiring_Products_and_Components does not cover this but: can the disabled component description be changed to indicate the location of the new component as well? Hope I didn't forget anything that you need. Many thanks!
To be clear, these components are staying under mozilla.org and not moving to the new Infrastructure & Operations product? Also, instead of disabling components, let's just rename "Security Assurance: Operations" to "Operations Security (OpSec): General" and "Security Assurance: Incident" to "Operations Security (OpSec): Incident". Security groups are per-product... infrasec is already enabled for mozilla.org, but for something to go in it, a user needs to explicitly choose that (or use some form that does it for him/her).
Had a quick chat with joe to confirm, yes we do want it to stay under mozilla.org Also, the rename is fine - I didn't realize this was an option. Thanks!
All done. Note that any existing queries and such that use the two renamed components will be broken. We can fix that, but it'll require some sysadmin to run a script on one of the webheads... Up to you.
Assignee: nobody → reed
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.