{"id":21,"date":"2007-10-01T14:17:39","date_gmt":"2007-10-01T21:17:39","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/"},"modified":"2007-10-01T14:17:39","modified_gmt":"2007-10-01T21:17:39","slug":"meet-the-mozilla-security-group","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/","title":{"rendered":"Meet the Mozilla Security Group"},"content":{"rendered":"<p>How can Mozilla be open about security issues without exposing users to additional risk?<\/p>\n<p>Being open about security issues means that users have the information they need to understand their risk, that the community can contribute to the security process, and that other software development projects can benefit from our experiences.\u00a0 Unfortunately, sharing the details of security issues broadly before they are patched could expose users to risk.  The balance we have come up with is to work with a group of people that represent the interests of the entire community who can give feedback, suggestions, and help to fix security issues.<\/p>\n<p>The <a href=\"http:\/\/www.mozilla.org\/projects\/security\/secgrouplist.html\">Mozilla Security Group<\/a> is a team of people from the community, including employees, individual contributors, and other vendors who work on securing Mozilla projects.  This group has been in place since 2002, is older than Mozilla Corporation, and as of today there are 93 people in the group.  The team is self-organizing.  New members are nominated by existing members through recognition of valuable contributions to security efforts.  This system is democratic and is similar to the method used to assign rights to add code to Mozilla projects for new contributors.<\/p>\n<p>This team enables us to leverage the knowledge of the community, be open about security issues, but also protect our users until we are able to ship a fix.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How can Mozilla be open about security issues without exposing users to additional risk? Being open about security issues means that users have the information they need to understand their &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/\">Read more<\/a><\/p>\n","protected":false},"author":48,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[69,1],"tags":[],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Meet the Mozilla Security Group - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Window Snyder\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/\",\"name\":\"Meet the Mozilla Security Group - Mozilla Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2007-10-01T21:17:39+00:00\",\"dateModified\":\"2007-10-01T21:17:39+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/bcfe8d4a8562282caf71ca487f4a36f5\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Meet the Mozilla Security Group\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/bcfe8d4a8562282caf71ca487f4a36f5\",\"name\":\"Window Snyder\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/ac9103056fd345532d56198464860a0a\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/73de47c5d7f96fbe0d5058c37ae1fefc?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/73de47c5d7f96fbe0d5058c37ae1fefc?s=96&d=identicon&r=g\",\"caption\":\"Window Snyder\"},\"sameAs\":[\"http:\/\/blog.mozilla.org\/security\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Meet the Mozilla Security Group - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/","twitter_misc":{"Written by":"Window Snyder","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/","url":"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/","name":"Meet the Mozilla Security Group - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2007-10-01T21:17:39+00:00","dateModified":"2007-10-01T21:17:39+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/bcfe8d4a8562282caf71ca487f4a36f5"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2007\/10\/01\/meet-the-mozilla-security-group\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Meet the Mozilla Security Group"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/bcfe8d4a8562282caf71ca487f4a36f5","name":"Window Snyder","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/ac9103056fd345532d56198464860a0a","url":"https:\/\/secure.gravatar.com\/avatar\/73de47c5d7f96fbe0d5058c37ae1fefc?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/73de47c5d7f96fbe0d5058c37ae1fefc?s=96&d=identicon&r=g","caption":"Window Snyder"},"sameAs":["http:\/\/blog.mozilla.org\/security\/"]}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/21"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/48"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=21"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/21\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=21"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=21"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=21"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=21"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}