mozilla
/
experimenter-docs
зеркало из https://github.com/mozilla/experimenter-docs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Update risk-mitigation.mdx (#633) 

added types so can point to it easily from new form
This commit is contained in:
Shell Escalante 2024-08-30 11:26:38 -07:00 коммит произвёл GitHub
Родитель 80a47c9980
Коммит b0576429d2
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
1 изменённых файлов: 6 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

6
docs/workflow/implementing/risk-mitigation/risk-mitigation.mdx
Просмотреть файл

@ -6,3 +6,9 @@ sidebar_position: 1
Experiments and Rollouts are making remote changes to the experience of live users, often millions of people. Doing QA and answering the risk questions carefully helps reduce the chance of production incidents. These are all “soft sign-offs” - in that you can check them yourself saying you have followed the guidance and are satisfied the risk is mitigated.
### Types of risk include (but are not limited to)
- **Brand**: If the public, users, or press were to discover this experiment and description, could it negatively impact their perception of our brand? This includes when that perceptions is unfounded. Example: We offered recommendations in a client-side, privacy respecting way, but the method of recommending could have been misconstued. Instead of an incident, when the question came up (reddit, hackernews, etc) it was good press because we quickly pointed people to the well-written SUMO description of how we were respecting user privacy when making recommendations.
- **Revenue**: Impact from changes related to Search, New Tab, Ads, Pocket, etc should follow the VP Sign-off guidance.
- **Partnerships**: If a partner is involved in any way, it raises risk and you should follow the Legal sign-off guidance. A partner could also be affected indirectly, for example if search functionality or presentation is altered. Considerations can include: revenue, licensing, partner privacy policy, contractual obligations, trademark usage, etc.
- **Encryption**: Encryption in your technoology is subject to export control laws and you need Legal Sign-off. Releasing to other countries could put our users at risk of criminal punishment and result in the country sanctioning our browser use. Even code shipped preffed off, could manually be activated. It is critical to NOT deliver encryption into these countries.
- **Sensitive Data**: If you are using [Category 3 or 4 data](https://wiki.mozilla.org/Firefox/Data_Collection#Data_Collection_Categories) you need to work with legal and data. Follow the Legal Sign-off guidance.