Closed Bug 773404 Opened 12 years ago Closed 12 years ago

Security review for Identity KPI Dashboard

Categories

(mozilla.org :: Security Assurance: Review Request, task, P2)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: ozten, Assigned: rforbes)

References

(Blocks 1 open bug)

Details

(Whiteboard: [completed secreview][score:36]) 

> Who is/are the point of contact(s) for this review?

development: nmalkin, jparsons
project management, jokes: ozten

> Please provide a short description of the feature / application (e.g. problem 
> solved, use cases, etc.):

The KPI Dashboard is the second phase, after the KPI Backend project.

This dashboard contains reports based on the backend data. They are secured behind VPN, so only employees can access them.


> Please provide links to additional information (e.g. feature page, wiki) if 
> available and not yet included in feature description:

Current site documentation is available at:
https://wiki.mozilla.org/Identity/BrowserID/KPI_Dashboard

>    Does this request block another bug? If so, please indicate the bug number

773400

>    This review will be scheduled amongst other requested reviews. What is the 
> urgency or needed completion date of this review?

We'd like to ship to production while our intern is here, so we need the review by early August

>    To help prioritize this work request, does this project support a goal 
> specifically listed on this quarter's goal list? If so, which goal?

Yes, optimizing the UX of Persona

>    Please answer the following few questions: (Note: If you are asked to describe 
> anything, 1-2 sentences shall suffice.)
>        Does this feature or code change affect Firefox, Thunderbird or any product 
> or service the Mozilla ships to end users?

Nope.

>        Are there any portions of the project that interact with 3rd party services?
>        Will your application/service collect user data? If so, please describe 

Nope.

>    If you feel something is missing here or you would like to provide other kind of 
> feedback, feel free to do so here (no limits on size):



>    Desired Date of review (if known from https://mail.mozilla.com
> /home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite. 

The majority of privacy and security vetting happened on the backend, filing this bug for an incremental followup. It is a new Node.js web app for internal use only.
Blocks: 773400
Depends on: 742796
Keywords: sec-review-needed
Whiteboard: [pending secreview] → [pending secreview][triage needed 2012.07.18]
Risk/Priority Ranking Exercise https://wiki.mozilla.org/Security/RiskRatings

Priority -4: P2 - Identity is a mozilla initiative

Operational: 1 - minor
User: 1 - minor 
Privacy: 1 - minor
Engineering: 2 - normal
Reputational: 3 - major

Priority score - 36
Severity: normal → major
Priority: -- → P2
Whiteboard: [pending secreview][triage needed 2012.07.18] → [pending secreview][triage needed 2012.07.18][score:36]
Assignee: nobody → rforbes
Whiteboard: [pending secreview][triage needed 2012.07.18][score:36] → [pending secreview][score:36]
this was completed.  everything looks good.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Keywords: sec-review-complete
Whiteboard: [pending secreview][score:36] → [completed secreview][score:36]
I think Curtis's most recent mail is saying that our reviews shouldn't be "VERIFIED" until all the dependent bugs are fixed. Moving back to RESOLVED.
Status: VERIFIED → RESOLVED
Closed: 12 years ago12 years ago
You need to log in before you can comment on or make changes to this bug.