Intent to Implement System Add-on: SHIELD/Normandy

J. Ryan Stinnett jryans at
Fri Sep 30 23:48:33 UTC 2016

On Fri, Sep 30, 2016 at 8:41 AM, Gijs Kruitbosch <gijskruitbosch at>

> In this specific case, it sounds like you're already talking to the
> security team. They would be the best people to judge if you (still) need a
> formal security review to happen on the code you're landing. If you haven't
> talked to them about this, now would be a good time. For other projects, a
> quick web search gets me:
> ity#Request_a_Security_or_Privacy_Review which seems fairly
> straightforward to me.

I suppose this is the wrong venue for this rabbit hole, but I've had a hard
time contacting the security team in the past, so I am not sure what the
right venue is. The wiki page above links to a security review request form
that says "This process not currently in use, maintaining for historical

Is there a description of the correct process for requesting security
review somewhere? I've received a lot of mixed signals about this process
in the past, so having the right answer would be great!

- Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the firefox-dev mailing list