At Mozilla, we are constantly building internal tools to help us do our jobs. Our internal jobs often align closely with our external mission. For example, making the Internet a safer place is a priority for us at Mozilla. Our InfoSec team built a tool to help them quickly scan Mozilla’s websites to identify which sites were using best security practices. The tool is called Observatory by Mozilla, and today we’re announcing it as an experimental tool for everyone to try out.
Observatory is a fast and easy way for website operators to get direct feedback on whether their sites are following best practices in web security. Web developers can use Observatory to get instant feedback on their progress on security improvements. Observatory aims to be a “one stop shop” for site operators that gives them very broad coverage and links to appropriate documentation. We’ve found it helpful in evaluating our own sites, like addons.mozilla.org and www.mozilla.org.
We would like to invite the outside world to try out Observatory and give us their feedback. Observatory is currently a very developer-focused tool, and its grading is set very aggressively to promote best practices in web security. So if your site fails Observatory’s tests, don’t panic — just take a look at its recommendations and consider implementing them to make your site more secure. We’re looking forward to making the Observatory clearer and easier to use as we get more feedback.