|
Hyperledger is committed to creating a safe and welcoming community for all. For more information please visit the Hyperledger Code of Conduct. |
|---|
Welcome and Introductions
Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.
Attendees
Announcements
Agenda
- Welcome
- Cover the threats
- Open Agenda
Next Meeting
Future Topics
Notes
- Add game based definitions to the whitepaper.
- Scenario: Using blockchain as an immutable record keeper
- Security: Protection at the access level.
- Read access: Query from all the nodes and get the majority result.
- Game: Adversary modifying the state, can blockchain recover in a given timeframe.
- Projects to put security guarantees.
- Misunderstanding could lead to data loss.
- Confidentiality & Privacy:
- Pseudonymity: Otherwise one can know what transactions are sent by which parties. Anonymity will make it hard, i.e. somebody can still search through network traffic.
- Ask projects to define privacy and confidentiality.
- Define the terms (ex: zcash defines privacy clearly).
- Form a working group for security.
- Task force can focus on vulnerability disclosure process.
- Games around: consensus, networking, block data, state data.
Action items
- Checklist for members to follow while reporting vulnerabilities.
- Questionnaire to report vulnerability ~ calculate CVE score. Danno Ferrin
- Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Hart Montgomery
- Propose to break the task force activities into multiple work streams. Hart Montgomery Mic Bowman
- Define threats in each of the defined category, bring it up for discussion. Action: Everyone