We’re committed to security at Mozilla and take every opportunity throughout the development lifecycle to integrate security controls, guidance and verification. One of the items that we’ve found successful thus far is the secure coding guidelines document for web applications. The goal of this document is to provide concise security guidance and security requirements that can be used in any web application. While specific security controls may differ between applications, this baseline at least puts all applications and in a solid position in terms of security.
Take a look and feel free to use or adopt this information within your organization. Your recommended controls and risk tolerance may vary, but ultimately, providing clear security expectations to developers will lead to a more secure application in the end.