/
Security Audit Criteria

Security Audit Criteria

Owned by David Huseby
Last updated: Sept 11, 2019

This page documents all of the things we ask of third party security auditors when bidding and contracting for an independent review of Hyperledger projects.

Requirements

  • Static and hand analysis of sensitive areas of the code, specifically the code that interacts with cryptography libraries, network interfaces, and the file system.
  • Fuzzing of both network API's and library API's.
  • Static analysis and best practice enforcement with a linter over the entire code base.
  • Malicious node attacks on the network.

Optional

  • Dependency checks looking for known vulnerabilities and/or updates.
  • License audit to ensure all dependency licenses are properly followed.

Other Criteria

  • Early reporting of issues as they are found by the auditing team so that fixes can be made in parallel.
  • The team conducting the audit also has the capability to do PCI/GDPR/HIPPA/etc compliance auditing that we can offer to integrators building applications.
  • A written report with detailed analysis.

Related content

Security Code Audits
Security Code Audits
Hyperledger Security
More like this
Audits
Audits
Hyperledger Grid (EOL)
More like this
Audits
Audits
Hyperledger Aries
More like this
Audits
Audits
Hyperledger Transact
More like this
Audits
Audits
Hyperledger Explorer (EOL)
More like this
Audits
Audits
Hyperledger Cello
More like this