Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Zoom Link: https://zoom.us/j/97240941339

Welcome and Introductions

Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.




Next Meeting

Future Topics


  1. To address:
    1. Key contact points from each of the project.
    2. Check if the reported issue is a vulnerability/CVE.
    3. What if the reporter is from within the project.
    4. Follow up with maintainers, what happened to the issue that was raised?
    5. Do not use mailing list as it is functional today.
  2. Suggestions:
    1. Establish a process for reporting CVEs.
    2. Make use of GitHub CVE reporting feature to auto notify dependent projects.
    3. Survey while feeding in new issues ~ justify.
      1. Do calculate the score - questionnaire based report is not sufficient.
      2. Notify the third party (outside the project with familiarity of the reported issue). Consider reporter given their research motives.
    4. Use HackerOne as proposed in Gaps between guidance and implementation for CSVD - increase participation. Ask GB to sponsor.
    5. Process for auditing reported issues.
    6. In case of reporter is a member of the project team, create a checklist for members to follow to create a trace that provides auditability of what was done.
  3. Gap in OpenSSF
    1. Goal: provide feedback to OpenSSF so that their guidelines can be improved

Action items

  • Checklist for members to follow while reporting vulnerabilities.
  • Questionnaire to report vulnerability  ~ calculate CVE score.


  File Modified
Multimedia File TSC Security TF 2021 12 13.m4a Dec 13, 2021 by Ry Jones
Multimedia File TSC Security TF 2021 12 13.mp4 Dec 13, 2021 by Ry Jones
File TSC Security TF 2021 12 13.vtt Dec 13, 2021 by Ry Jones
Text File TSC Security TF 2021 12 13.txt Dec 13, 2021 by Ry Jones