2022-03-11 Meeting Minutes

Welcome and Introductions

Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.

Attendees

Arun S M

Hart Montgomery

Arnaud J LE HORS

Mic Bowman

kamlesh nagware

Peter Somogyvari

Announcements

Agenda

• Welcome

• Scoring guidelines for blockchain projects in Hyperledger Foundation.

  • Security threat modelling for blockchain technology.
• Broader areas to focus
  • Infrastructure security.
  • Signing artefacts / binary distribution.
• Review comments/discussions on https://github.com/ossf/security-reviews
• Review scorecard from OpenSSF https://github.com/ossf/scorecard.

• Review checklist for reporting vulnerabilities. Covers both the project team and an external member.

• Open agenda

Next Meeting

Future Topics

Notes

1. Define what constitutes an eco-system.
2. Define problems that may arise before jumping into mitigations.
3. System is designed without flaws that could cause security issues, implemented as intended, built and delivered to serve the purpose.
4. Distinguish generic software development security with that of the scope of blockchain.
5. Define who is the document intended to ~ SecurityTaskForce. The current work is to identify Threats.
   
   1. Developer community.
   2. Serve to the security experts, analysts.
   3. Informal definitions to the non-technical community.

Action items

• Checklist for members to follow while reporting vulnerabilities.
• Questionnaire to report vulnerability  ~ calculate CVE score. Danno Ferrin
• Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Hart Montgomery
• Propose to break the task force activities into multiple work streams. Hart Montgomery Mic Bowman
• Define threats in each of the defined category, bring it up for discussion. Action: Everyone

Recordings