2022-03-25 Meeting Minutes

	Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.

	Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct.

Welcome and Introductions

Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.

@Arun S M

@Ry Jones

@Danno Ferrin

@Hart Montgomery

@kamlesh nagware

@artem

@Peter Somogyvari (Deactivated)

Document all the threats first, it helps in creating the categories later. This will also help in prioritising what is important.
Define the assets or properties that are to be protected before adding in threats.
Infrastructure
1. Supply delivery of the open source software.
2. Continuous delivery, continuous integration.
3. Binaries and outcome authenticated/signed. The end binary user can verify the source and integrity of the software.
4. Include physical break into the data center or cloud going down.
5. Operational threats.
6. Insufficient test bed setup, recommend ways for reproducibility.
Architecture
1. Data confidentiality.
2. Excessive backward compatibility.
Implementation
1. Deployment issues

Checklist for members to follow while reporting vulnerabilities.

Questionnaire to report vulnerability ~ calculate CVE score. @Danno Ferrin

Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. @Hart Montgomery

Propose to break the task force activities into multiple work streams. @Hart Montgomery @Mic Bowman

Define threats in each of the defined category, bring it up for discussion. Action: Everyone

	File	Modified
Labels No labels Preview View	File GMT20220325-145910_Recording.transcript.vtt	Mar 25, 2022 by Ry Jones
Labels No labels Preview View	Text File GMT20220325-145910_Recording.txt	Mar 25, 2022 by Ry Jones

Download All