I'm proposing a new module for Firefox encompassing Security Architecture to be the authority for security reviews and security architecture questions/decisions.
This module will be the owner of questions like “What are the security requirements for Fission?”, “Can we disable R^X?”, and “Should we work on site sandboxing/principal validation?” (all real examples of questions we’ve fielded). It does not change the individual ownership of existing security bits of code like Caps, DOM:Security, Security UI, Sandboxing, or NSS. Similarly, it does not change anything with regard to the Security Policies module, which is a pan-Mozilla module (and therefore on the wiki, not in source docs) covering bug severity assignment, sec-approval, bug bounties, and security advisories.
The Firefox Security team is already providing guidance and is the acting authority in the sense that people seek us out for our opinion, but after reviewing the Mozilla governance model and existing modules, and in particular the “Performance Regression Policy” and “Code Review Policy”, it felt appropriate to document and create an explicit function for this. This will also help wayfinding for new people or in ambiguous situations. Functionally, I don’t expect anything to really change: if people came to us today and we could not find a common ground (which is so uncommon I struggle to remember an example) we would have escalated to people on the Firefox Technical Leadership Module, which is the formal module escalation path already.
Christian Holler (Decoder) is the owner of the module, and the peers are Dan Veditz, Freddy Braun, Christoph Kerschbaumer, Bobby Holley, Simon Friedberger, and myself.
This proposal has been reviewed by the TLMC, but if there are concerns or comments, they can be heard. Otherwise this will be landing in
https://bugzilla.mozilla.org/show_bug.cgi?id=2003916
-tom