2022-03-25 Meeting Minutes
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.
Welcome and Introductions
Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.
Attendees
Announcements
Agenda
- Welcome
- Cover the threats
- Open Agenda
Next Meeting
Future Topics
Notes
- Document all the threats first; it helps in creating the categories later. This will also help in prioritising what is important.
- Define the assets or properties that are to be protected before adding in threats.
- Infrastructure
  - Supply and delivery of the open source software.
  - Continuous delivery, continuous integration.
  - Binaries and build outputs are authenticated/signed, so the end user of a binary can verify the source and integrity of the software.
  - Include physical break-ins at the data center and cloud outages.
  - Operational threats.
  - Insufficient test bed setup; recommend ways to achieve reproducibility.
- Architecture
  - Data confidentiality.
  - Excessive backward compatibility.
- Implementation
- Deployment issues
Action items
- Checklist for members to follow while reporting vulnerabilities.
- Questionnaire for reporting a vulnerability and calculating its CVE score. Owner: Danno Ferrin
- Define scoring guidelines for blockchain and non-blockchain projects in the Hyperledger Foundation. Owner: Hart Montgomery
- Propose breaking the task force activities into multiple work streams. Owners: Hart Montgomery, Mic Bowman
- Define threats in each of the defined categories and bring them up for discussion. Owner: Everyone
Recordings