...
After our projects reach 1.0 status, the policy for when we do another outside audit of a project is based on a few factors. The primary factor is code "churn"–the amount of code that has changed since the last audit. The secondary factor is major architectural changes (e.g. changing cryptography library implementations). When enough code has changed and/or architectural rework has happened, Hyperledger will invest money into having a follow up audit done to once again establish a baseline for project security.
Hyperledger
...
Besu
Hyperledger Besu joined Hyperledger as a project in the fall of 2019 and with their first major release a security audit was conducted. Below is the report from that audit.
Hyperledger Composer
Hyperledger Composer reached their Hyperledger Fabric was the first project to reach the 1.0 milestone early in 2018. We hired Nettitude to conduct a Nettitude conducted the security audit of the source code and to work closely with the developers to fix any issues that they found. The audit results were announced in a Hyperledger blog postall issues found have been resolved.
- Hyperledger Fabric Composer - Security Assessment Management Report
- Hyperledger Fabric Composer - Security Assessment Technical Report
Hyperledger
...
Fabric
Hyperledger Sawtooth reached Fabric was the first project to reach the 1.0 in the Spring of 2018. Nettitude conducted the milestone. We hired Nettitude to conduct a security audit of the source code base and all reported issues have been addressedand to work closely with the developers to fix any issues that they found. The audit results were announced in a Hyperledger blog post.
- Hyperledger Sawtooth Fabric - Security Assessment Management Report
- Hyperledger Sawtooth Fabric - Security Assessment Technical Report
Hyperledger Iroha
Hyperledger Iroha is fast approaching their 1.0 milestone. Nettitude conducted the security audit of the source code and all issues found have been resolved. The audit results were announce in a Hyperledger blog post.
...
- Hyperledger Indy - Security Assessment Management Report
- Hyperledger Indy - Security Assessment Technical Report
Hyperledger
...
Sawtooth
Hyperledger Composure Sawtooth reached their 1.0 milestone early in the Spring of 2018. Nettitude conducted the security audit of the source code base and all reported issues found have been resolvedaddressed. The audit results were announced in a Hyperledger blog post.