She also was instrumental in making Mozilla more open and communicative about its security practices, bringing in the concept of threatmodeling, as well.
The company has been very public about its software security program, to the point of publishing its threatmodeling process and tools and exporting the program to its partners and other third parties.