Overview
Syllabus
Intro
Agenda
What is Mozilla
Open Source Threat Model
Remediation
Web Services
Threat Model
Bug Bounty
Economics of Zero Day Bugs
Active programs
Open source
Open source vs proprietary
Mozilla's open source projects
Bug bounty program
Internal communication
Web bug intake
Mozilla Firefox
Chris Hoffman
Statistics
Bounty Hunters
Measuring Security
Too Many Variables
Which is Safer
What do we learn
What can we actually measure
What security is
How much can we know
Garbage in, garbage out
Qualitative assessments
Epistemological problem
Security verification
Hard to measure
Maturity model
Self-delusion
Road Map
Red Team
Summary
Taught by
OWASP Foundation