2022-03-11 Meeting Minutes
Welcome and Introductions
Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.
Attendees
Announcements
Agenda
- Welcome
- Scoring guidelines for blockchain projects in Hyperledger Foundation.
- Security threat modelling for blockchain technology.
- Broader areas to focus on:
  - Infrastructure security.
  - Signing artefacts / binary distribution.
  - Review comments/discussions on https://github.com/ossf/security-reviews
  - Review scorecard from OpenSSF https://github.com/ossf/scorecard.
- Review checklist for reporting vulnerabilities. Covers both the project team and an external member.
- Open agenda
Next Meeting
Future Topics
Notes
- Define what constitutes an eco-system.
- Define the problems that may arise before jumping into mitigations.
- Goal: a system that is designed without flaws that could cause security issues, implemented as intended, and built and delivered to serve its purpose.
- Distinguish generic software development security from what is in scope for blockchain.
- Define who the document is intended for ~ SecurityTaskForce. The current work is to identify threats.
  - Developer community.
  - Security experts and analysts.
  - Informal definitions for the non-technical community.
Action items
- Checklist for members to follow while reporting vulnerabilities.
- Questionnaire to report a vulnerability ~ calculate CVE score. Action: Danno Ferrin
- Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Action: Hart Montgomery
- Propose to break the task force activities into multiple work streams. Action: Hart Montgomery, Mic Bowman
- Define threats in each of the defined categories and bring them up for discussion. Action: Everyone
Recordings