Reviews and Consulting

So, ya need some security help? Our talents are many, but here are the things we normally assist Chromium engineers with:

Security Reviews

Features that are new or substantial refactors / expansions should go through the Chrome Security Review process via the Chrome launch process. The purpose of a security review is ==not== the elimination of all possible vulnerabilities, but rather the promotion of secure design and implementation practices in Chromium. It also helps the security team stay engaged with the rest of Chromium engineering.

Adding new code to third_party

Third party code is a hot spot for security vulnerabilities, so make sure to give security a head's up by getting a code review.

One-off questions

If you are not sure what to do, or need other help, you can always just reach us at security@chromium.org.