2022-03-11 Meeting Minutes
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.
Welcome and Introductions
Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.
Attendees
@Arun S M
@Hart Montgomery
@Arnaud J LE HORS
@Mic Bowman
@kamlesh nagware
@Peter Somogyvari (Deactivated)
Announcements
Agenda
Welcome
Scoring guidelines for blockchain projects in Hyperledger Foundation.
Security threat modelling for blockchain technology.
Broader areas to focus
Infrastructure security.
Signing artefacts / binary distribution.
Review comments/discussions on https://github.com/ossf/security-reviews
Review scorecard from OpenSSF https://github.com/ossf/scorecard.
Review checklist for reporting vulnerabilities. Covers both the project team and an external member.
Open agenda
Next Meeting
Future Topics
Notes
Define what constitutes an ecosystem.
Define problems that may arise before jumping into mitigations.
System is designed without flaws that could cause security issues, implemented as intended, built and delivered to serve the purpose.
Distinguish generic software development security from that within the scope of blockchain.
Define who the document is intended for ~ SecurityTaskForce. The current work is to identify threats.
Developer community.
Serve security experts and analysts.
Informal definitions to the non-technical community.
Action items
Recordings