Skip to end of metadata
Go to start of metadata

Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Welcome and Introductions

Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.

Attendees

Announcements

Agenda

Next Meeting

Future Topics

Notes

  1. Questions:
    1. Way of reporting fixes for vulnerabilities. Report the issue post patch updates. This is general practice followed across security groups.
    2. Communicating with other groups (a case of Ethereum).
    3. Using GitHub for creating an issue ID. Better option at present for Hyperledger Foundation.
    4. Case for Hyperledger Ursa
  2. Linux Foundation is expected to send out guidelines sooner through OpenSSF.
  3. Define what does scoring guidelines mean for Hyperledger Foundation. Refer to https://www.first.org/cvss/calculator/3.0 as a starting point.
    1. Definitions for what each of the fields mean in the form.
    2. Target audience: Consumers of the project. Ops teams who work on these projects regularly.
  4. Review https://github.com/ossf/security-reviews

Action items

  • Checklist for members to follow while reporting vulnerabilities.
  • Questionnaire to report vulnerability  ~ calculate CVE score. Danno Ferrin
  • Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Hart Montgomery


Recordings

  File Modified
Multimedia File GMT20220128-155037_Recording_1920x1176.mp4 Jan 28, 2022 by Ry Jones
Multimedia File GMT20220128-155037_Recording.m4a Jan 28, 2022 by Ry Jones
File GMT20220128-155037_Recording.transcript.vtt Jan 28, 2022 by Ry Jones
Text File GMT20220128-155037_Recording.txt Jan 28, 2022 by Ry Jones