Closed
Bug 508145
Opened 15 years ago
Closed 10 years ago
amo should host a security page with disclosure information about past security problems in addons.
Categories
(addons.mozilla.org :: Security, enhancement, P4)
addons.mozilla.org
Security
Tracking
(Not tracked)
RESOLVED
WONTFIX
Future
People
(Reporter: chofmann, Assigned: jorgev)
References
Details
maybe we should start a page like http://www.mozilla.org/security/announce/ for addons to help inform developers and reviewers to avoid past mistakes and inform users about updates they need to get, or addons or classes of addons that might pose risks. nick suggests we host the page on the new amo developer site planned to go live soon. we would need some research to dig up and catalog past vulnerabilities, and the new additions that came out of this defcon session -- https://www.defcon.org/html/defcon-17/dc-17-speakers.html#Liverani page should also link to a page that outlines the process and best practices for reporting security problems to addon developers, amo editors/reviewers, and amo site managers.
Comment 1•15 years ago
|
||
Sounds like a wonderful idea, though I expect the list to get quite long. Would probably need to split it up into one page for highly used add-ons and another for the rest.
Hardware: x86 → All
Comment 2•15 years ago
|
||
Related, we should also put an overview doc on MDC on best practices related to security. I have a document in the works that is currently being vetted/evaluated.
Comment 3•15 years ago
|
||
-> nick for planning
Assignee: nobody → nnguyen
Severity: normal → enhancement
Priority: -- → P4
Target Milestone: --- → Future
Comment 4•15 years ago
|
||
This is something that Jorge and Justin should consider for inclusion in Developer.amo.
Assignee: nnguyen → jorge
Comment 5•10 years ago
|
||
Thanks for filing this. In an effort to not drown in existing reports we're aggressively closing old enhancements and bugs to get the buglist to a reasonable level so we can scope and process bug sprints in an effective manner. Patches for this bug are still welcome.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•