![]() Second is the fact that even with careful review bugs will likely slip through, and a sound, defensive design will ensure that these bugs don't end up being catastrophic. The reason for this is two-fold: first, the time constraints mentioned before. Instead, we prefer to focus on ensuring that the design of the feature is contributing to, rather than detracting from, the overall security posture of the system. The Chrome OS security team will normally not look at the implementation details of a feature - there is just not enough time to read through thousands of lines of code each milestone. We are always happy to discuss feature design. Send email to and try to include a design doc, even if it's just an early draft. If the feature is big or complex, or if you find yourself implementing something that needs to go against the recommendations in this document, please reach out to the security team as soon as possible. We will flip the security flag to Yes when the feature is ready. More importantly, the security team uses these flags to track features and work on our side. In most cases, features are not as trivial as they initially appear. Instead, think of it as the process by which you take ownership of the security implications of the feature, so that you are shipping something that doesn't detract from the overall security posture of the product.Įven if you consider that the feature is trivial, or has no security implications, please refrain from flipping the security flag in the launch bug to NA or Yes yourself. Don't think of the security review process as an arbitrary bar set by the security team that you have to pass no matter what. The security team will flip this flag to Yes after the feature owner has successfully engaged the security team to understand (and address or mitigate) the security implications of the feature. Launch bugs include a set of cross-functional review flags, which includes the Launch-Security flag mentioned above. The rest of this document describes what questions such a “Security implications” section should answer and what concerns it should address. ![]() In order to streamline the process as much as possible, make sure that the launch bug links to a design doc that includes a section covering the security implications of the feature. The security team tracks this flag as well. The new launch bug template allows feature owners to initiate a security review by flipping the Launch-Security flag to ReviewRequested. As long as the feature has an associated launch bug, the security team will track it. The Chrome OS security team tracks features by looking at Launch bugs filed in, which are also mirrored in. ![]() It takes seven to eight weeks from the time a branch is cut to the time a new software image built from that branch is pushed to devices on the stable channel.Ī feature targeting a given milestone will be reviewed during that milestone's development cycle, or shortly after the branch is cut. Accordingly, a new milestone is pushed to Chrome OS devices every six weeks. Every six weeks a new release branch is created, based off our main development branch (also known as trunk or tip-of-tree). The security review processĬhrome OS development is structured around six-week cycles called milestones. In general, every Chrome OS feature requires a security review. The security review process is designed to make sure that new features don't make it disproportionately easier for attackers to compromise user data or devices. More details on what the review covers are described below in the review framework section, but at a high level the goal is to protect our users' data and devices. The Chrome OS security review process' main goal is to ensure new features stay faithful to Chrome OS' security architecture. Individual sections call out the main target audience where appropriate. It attempts to comprehensively document the process and thus caters to various audiences, most importantly feature owners and security team members. This document describes the Chrome OS security review process.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |