Introducing Mozilla Winter of Security 2014

At Mozilla, we have a loosely formed group called Security Automation, where people who build security tools can meet, exchange ideas, and show their work. We build projects around applications and operations security. Some of the things we’ve worked on include ZAP, Zest, Plug’n’Hack, Minion, MIG, Mozdef, ScanJS or Cipherscan. And, as you would expect from Mozilla, our work is public for all to see, use, and contribute to.

In the past, students requested to work on some of these projects. One trend we’ve seen is that many students are looking for real world projects to sink their teeth into. Something worth their attention, and something people will actually use.

In response we decided to create the Mozilla Winter of Security, or MWoS. MWoS is composed of 11 projects from the Security Automation effort, that directly map the needs at Mozilla. They are designed to solve real world problems in an innovative, and open way. We also made them autonomous, such that students don’t need to learn the inner-working of Mozilla in order to work on these projects.

Winter of Security, so called because we want students to get involved 800px-Redpandas4430roughly between September and April. Each project has an advisor from Mozilla who will be dedicating a few hours every week to the students. We also ask that a professor oversees the team from a university point of view, and ensures the projects align with their curriculum.
Anyone can apply, under the condition that the university will give class credits and a grade for the work done in MWoS.

MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves.

If you are a professor, tell your students about the Mozilla Winter of Security today. If you are a student, start assembling your team, and fill up the application form before July 15th, 2014. We limited this round to 11 projects, with one team per project, and will be selecting the best applications in August.

If you have questions, and want to discuss MWoS, you can reach us on IRC in the #security channel, or via the discussion page on the wiki. If you want details about a specific project, feel free to contact the project advisor directly on IRC.

MWoS is part of the wider Mozilla Security Mentorship program.

Red Panda photograph from WikiMedia Commons under theCreative CommonsAttribution-Share Alike 3.0 Unported license.

20 comments on “Introducing Mozilla Winter of Security 2014”

  1. RAGHIB AHSAN wrote on

    would it be ppossible to extend the deadline day by 1 my university is closed and would open after 16th july and time is required for the permission with university..

    1. Curtis Koenig wrote on

      We may consider moving the date if this turns out to be a larger issue. For now our plan is to keep the date and then reopen the submission window if there are still open projects closer to the start of the fall term.

  2. Fritz wrote on

    is it open to any university in the world ?

    1. Curtis Koenig wrote on

      Yes, as long as you can meet the requirements from your university side we are accepting applications from any university.

  3. Fritz wrote on


    Is it open to any university in the worl ? And how will the course be organize in terms of time ?

    1. Curtis Koenig wrote on

      We are not organizing the course, this is a decision between you and your professor or university adviser.

  4. Sandeep wrote on

    What is criteria of selection?? only on the basis of resume or there will be an interview also ? or anything else?

    1. Curtis Koenig wrote on

      The selections will be made using the online submission tools, if the team feels further information is needed you may be contacted for an interview.

  5. Willy Aguirre wrote on

    I would like to take part but I don’t have a professor.

    1. Curtis Koenig wrote on

      Unfortunately this particular program is open to university students in a formal degree program. Depending on the success of this project and several others we may expand future community programs to a larger audience. We appreciate that you have interest and welcome you to come talk to us in the #security channel of our IRC servers if you have further questions or want to find other ways to get involved.

  6. Vinayak Mehta wrote on

    As this will be my third year, I won’t be getting credits for the project. Instead I’ll be getting marks. Am I eligible to participate in the WoS?

    1. Vinayak Mehta wrote on

      These marks will act as internal marks for a course for which I’ll get credits.

      1. Curtis Koenig wrote on

        This could still work, I would suggest you still apply and explain the situation on your application as well as coming into the #security channel on IRC to chat with us about it.

  7. Nishaanth wrote on


    What is the minimum number of persons to form a team?

    And is it compulsory for the colleges to give credits?

    1. Curtis Koenig wrote on

      The minimum is one person, and yes for now it is compulsory. We intend these to be used for class projects or capstone type of projects.

      1. Nishaanth wrote on

        But that would not be possible in all the colleges,right?
        Oh man,every college has their own way of grading and rules here.
        My college doesn’t give me the grades which I get in every semester.
        It will be hard to convince them for an extra credit.
        Any other solution?

        1. Curtis Koenig wrote on

          We realize this program may not work for all students and if that is the case we hope you’ll consider a future effort. For now these projects are intended to be used as part of the course work for a given class under the direction of a formal course with an instructor or professor. Students applying must be enrolled in a course that has a requirement for a project that will be a portion of the grade or a required element of the course. How the university or class grades the element or reports them is not the concern. The issue is that we feel we need formal checks and balances from the university side and our side for these to be successful to all parties.

          1. Nishaanth wrote on

            If that is the case,can I know the list of courses which will be useful for the projects?
            I am in my second year and herein I would study OS,Algo,Networking.
            I wish to give a try 🙂

  8. Nishaanth wrote on

    And the IRC was in active when I tried connecting to it today.
    # security on mozilla servers,right?

    1. Curtis Koenig wrote on

      That is odd as the server runs 24×7, we might not be actively talking but there are almost always people there. Of course activity of given individuals is dependent on the part of the world they live in and the time they work.