{"id":62266,"date":"2016-10-28T00:00:00","date_gmt":"2016-10-28T00:00:00","guid":{"rendered":"http:\/\/blog.mozilla.org\/foxtail\/2016\/10\/28\/our-role-in-protecting-the-internet-with-your-help\/"},"modified":"2021-02-09T05:41:55","modified_gmt":"2021-02-09T05:41:55","slug":"our-role-in-protecting-the-internet-with-your-help","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/","title":{"rendered":"Our Role in Protecting the Internet &#8212; With Your Help"},"content":{"rendered":"<p>Protecting the security of the Internet requires <strong>everyone<\/strong>. We talked about this theme <a href=\"https:\/\/blog.mozilla.org\/blog\/2016\/09\/13\/cybersecurity-is-a-shared-responsibility\/\">in a recent post<\/a>, and in this post we\u2019ll expand on the role Mozilla plays, and how our work supports and relies on the work of the other participants in the Web.<\/p>\n<h3>Building a secure browser<\/h3>\n<p>Firefox is a critical part of the Internet, and it\u2019s Mozilla\u2019s job to protect it. \u00a0Hundreds of millions of people use Firefox to connect to the web. That\u2019s a huge audience for the user-facing security features and protections we build into Firefox, but at the same time, a single security vulnerability can put all of our users at risk of having their computers or phones taken over by bad actors. So we put a lot of effort into finding and fixing vulnerabilities in Firefox as quickly as possible. In addition to our own team of expert bug-hunters, Mozilla runs one of the longest-standing <a href=\"https:\/\/www.mozilla.org\/en-US\/security\/bug-bounty\/\">bug bounty programs<\/a> on the web in order to encourage security researchers to report security vulnerabilities. So far this year, independent researchers reported more than 130 serious vulnerabilities that we hadn\u2019t found yet. Without our community of security researchers, every Firefox user would be more at risk.<\/p>\n<p>Mozilla is also investing in fundamental technologies to prevent these security vulnerabilities from arising in the first place. The <a href=\"https:\/\/www.rust-lang.org\">Rust programming language<\/a> is specially designed to ensure that several major types of security vulnerability simply can\u2019t happen, including the one that lead to the famous <a href=\"https:\/\/tonyarcieri.com\/would-rust-have-prevented-heartbleed-another-look\">Heartbleed vulnerability<\/a>. It is literally impossible to write a program in Rust that has one of these security vulnerabilities. Even though Rust started out at Mozilla, however, it wouldn\u2019t have been possible for it to mature so quickly into a production-ready language without <a href=\"https:\/\/github.com\/rust-lang\/rust\/graphs\/contributors\">more than 1,500 contributors<\/a> helping get it there. We\u2019ve <a href=\"https:\/\/hacks.mozilla.org\/2016\/07\/shipping-rust-in-firefox\/\">started using Rust in Firefox<\/a> for a few things, but other members of the community have already used Rust to create a <a href=\"https:\/\/github.com\/cristicbz\/rust-doom?updated\">Doom renderer<\/a>, a replacement for <a href=\"https:\/\/github.com\/uutils\/coreutils\">core Unix utilities<\/a>, and even a <a href=\"https:\/\/www.redox-os.org\/\">whole operating system<\/a> &#8212; all inherently safe from large classes of security vulnerabilities.<\/p>\n<p>Another way we\u2019re pushing the envelope on browser security is through our close collaboration with the <a href=\"https:\/\/torproject.org\/\">Tor Project<\/a>. The <a href=\"https:\/\/www.torproject.org\/projects\/torbrowser.html.en\">Tor Browser<\/a> is a variant of Firefox that provides users with enhanced privacy features and the ability to browse the web anonymously. For example, the <a href=\"https:\/\/securedrop.org\/\">SecureDrop<\/a> system uses Tor to let anonymous sources deliver documents to reporters without fear of being identified. We\u2019re tremendously grateful for all the new ideas and good code that the Tor community is contributing to the web, and we\u2019re working closely with the Tor Browser team to integrate their innovations into Firefox to give all users more privacy options.<\/p>\n<h3>Building a secure web<\/h3>\n<p>The web is not just Firefox, though &#8212; it\u2019s a whole network of computers, people, and companies working together. Mozilla security engineers are constantly working with other players in the web ecosystem to upgrade the security of the fundamental technologies that make the web work.<\/p>\n<p>Part of the way we do this is through standards organizations, like the <a href=\"http:\/\/ietf.org\/\">Internet Engineering Task Force<\/a> and the <a href=\"https:\/\/w3.org\">World Wide Web Consortium<\/a>. Those organizations serve as a meeting point for web browser makers, web server operators, and other people who want to help make the web better. Mozilla staff are leading efforts to do things like upgrading the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security#TLS_1.3_.28draft.29\">basic encryption systems<\/a> for the web and enhancing <a href=\"https:\/\/www.w3.org\/Webauthn\/\">security for web logins<\/a>. But these efforts only succeed when we do them in collaboration with lots of other organizations. For example, we recently got together with Google, Facebook, Cloudflare, INRIA, and others to test out the latest encryption protocols, and demonstrated several different systems from different vendors all working together.<\/p>\n<p>Another role we play is as the maintainer of the <a href=\"https:\/\/wiki.mozilla.org\/CA:Overview\">Mozilla Root Certificate Program<\/a>, which is used by Firefox and many other open-source projects to determine what digital certificates they should accept to identify websites. Maintaining trust in the digital certificate system is central to maintaining trust in the web, and Mozilla is the only browser with a fully open, community based process for making decision about which certificates are trusted.<\/p>\n<p>Finally, sometimes we have to create a part of the ecosystem when we find one that\u2019s missing. A few years ago, we noticed that the complexity and expense of getting a certificate was holding back security in the web. So we teamed up with EFF, Cisco, Akamai, and others to create <a href=\"https:\/\/letsencrypt.org\">Let\u2019s Encrypt<\/a>, a certificate authority that provides websites with certificate automatically and free of charge. In less than a year, Let\u2019s Encrypt has helped secure more than <a href=\"https:\/\/letsencrypt.org\/stats\/\">14 million websites<\/a> \u2013 most of which had never had security before. It wouldn\u2019t have been possible without the whole team of industry partners and community contributors.<\/p>\n<h3>Building a community around security<\/h3>\n<p>Of course, securing the Internet is not just a technical challenge. It requires a whole community of informed people to help guide companies and governments to make good decisions that make the Internet more secure. That\u2019s why earlier this year, we started a <a href=\"https:\/\/advocacy.mozilla.org\/en-US\/encrypt\/codemoji\/1\">campaign to educate more people about encryption<\/a>, and we continue to provide tools to <a href=\"https:\/\/blog.mozilla.org\/blog\/2016\/10\/06\/promoting-cybersecurity-awareness\/\">educate people about how to stay safe on the Web<\/a>.<\/p>\n<p>We\u2019re also helping our peers in the open source community make their security better. The <a href=\"https:\/\/wiki.mozilla.org\/MOSS\">Mozilla Open Source Support<\/a> program has provided more than $800,000 in funding to open source projects this year, much of it focused on improving security. MOSS grants are supporting Tor, the <a href=\"https:\/\/tails.boum.org\/\">TAILS privacy-enhanced operating system<\/a>, the <a href=\"https:\/\/caddyserver.com\/\">Caddy HTTP server<\/a> (which provides automatic security), a <a href=\"https:\/\/wiki.mozilla.org\/MOSS\/Secure_Open_Source\/Completed\">bunch of security audits<\/a>, and several other security projects across the open source ecosystem.<\/p>\n<h3>It takes a village<\/h3>\n<p>As you can see, our security work at Mozilla is deeply tied with work that the rest of the community is doing &#8212; independent researchers, government agencies, industry partners, interested users, and more. Every part of this intricate machine is critical; remove any part, and everyone gets less safe. If you\u2019d like to follow along with what the Mozilla security team is up to, please keep an eye on our <a href=\"https:\/\/blog.mozilla.org\/security\">Security blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Protecting the security of the Internet requires everyone. We talked about this theme in a recent post, and in this post we\u2019ll expand on the role Mozilla plays, and how our work supports and relies on the work of the other participants in the Web. Building a secure browser Firefox is a critical part of [&hellip;]<\/p>\n","protected":false},"author":998,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"coauthors":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Our Role in Protecting the Internet -- With Your Help<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/\",\"url\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/\",\"name\":\"Our Role in Protecting the Internet -- With Your Help\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\"},\"datePublished\":\"2016-10-28T00:00:00+00:00\",\"dateModified\":\"2021-02-09T05:41:55+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Our Role in Protecting the Internet &#8212; With Your Help\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/en\/\",\"name\":\"The Mozilla Blog\",\"description\":\"News and Updates about Mozilla\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290\",\"name\":\"Richard Barnes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/72460af7eaad6d9584aef4cd81a59c48\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=mm&r=g\",\"caption\":\"Richard Barnes\"},\"url\":\"https:\/\/blog.mozilla.org\/en\/author\/rbarnesmozilla-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Our Role in Protecting the Internet -- With Your Help","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/","url":"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/","name":"Our Role in Protecting the Internet -- With Your Help","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/en\/#website"},"datePublished":"2016-10-28T00:00:00+00:00","dateModified":"2021-02-09T05:41:55+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/en\/mozilla\/our-role-in-protecting-the-internet-with-your-help\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/en\/"},{"@type":"ListItem","position":2,"name":"Our Role in Protecting the Internet &#8212; With Your Help"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/en\/#website","url":"https:\/\/blog.mozilla.org\/en\/","name":"The Mozilla Blog","description":"News and Updates about Mozilla","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/en\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/07606285eceef4058a743f3f8ec2e290","name":"Richard Barnes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/en\/#\/schema\/person\/image\/72460af7eaad6d9584aef4cd81a59c48","url":"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8148a9fe438c0b63cd06d650c6104f3?s=96&d=mm&r=g","caption":"Richard Barnes"},"url":"https:\/\/blog.mozilla.org\/en\/author\/rbarnesmozilla-com\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/62266"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/users\/998"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/comments?post=62266"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/posts\/62266\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/media?parent=62266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/categories?post=62266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/tags?post=62266"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/en\/wp-json\/wp\/v2\/coauthors?post=62266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}