Hyperledger is committed to creating a safe and welcoming
community for all. For more information
please visit the Hyperledger Code of Conduct.
Welcome and Introductions
Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.
- Cover the threats
- Open Agenda
- Document all the threats first, it helps in creating the categories later. This will also help in prioritising what is important.
- Define the assets or properties that are to be protected before adding in threats.
- Supply delivery of the open source software.
- Continuous delivery, continuous integration.
- Binaries and outcome authenticated/signed. The end binary user can verify the source and integrity of the software.
- Include physical break into the data center or cloud going down.
- Operational threats.
- Insufficient test bed setup, recommend ways for reproducibility.
- Data confidentiality.
- Excessive backward compatibility.
- Deployment issues
- Checklist for members to follow while reporting vulnerabilities.
- Questionnaire to report vulnerability ~ calculate CVE score. Danno Ferrin
- Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Hart Montgomery
- Propose to break the task force activities into multiple work streams. Hart Montgomery Mic Bowman
- Define threats in each of the defined category, bring it up for discussion. Action: Everyone