2022-03-25 Meeting Minutes

Welcome and Introductions

Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.

Attendees

Arun S M

Ry Jones

Danno Ferrin

Hart Montgomery

kamlesh nagware

artem 

Peter Somogyvari (Deactivated)

Announcements

Agenda

• Welcome
• Cover the threats
• Open Agenda

Next Meeting

Future Topics

Notes

1. Document all the threats first, it helps in creating the categories later. This will also help in prioritising what is important.
2. Define the assets or properties that are to be protected before adding in threats.
3. Infrastructure
   1. Supply delivery of the open source software.
   2. Continuous delivery, continuous integration.
   3. Binaries and outcome authenticated/signed. The end binary user can verify the source and integrity of the software.
   4. Include physical break into the data center or cloud going down.
   5. Operational threats.
   6. Insufficient test bed setup, recommend ways for reproducibility.
4. Architecture
   1. Data confidentiality.
   2. Excessive backward compatibility.
5. Implementation
   1. Deployment issues

Action items

• Checklist for members to follow while reporting vulnerabilities.
• Questionnaire to report vulnerability  ~ calculate CVE score. Danno Ferrin
• Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Hart Montgomery
• Propose to break the task force activities into multiple work streams. Hart Montgomery Mic Bowman
• Define threats in each of the defined category, bring it up for discussion. Action: Everyone

Recordings