...
Next Meeting
Future Topics
Notes
- Questions:
- Way of reporting fixes for vulnerabilities. Report the issue post patch updates. This is general practice followed across security groups.
- Communicating with other groups (a case of Ethereum).
- Using GitHub for creating an issue ID. Better option at present for Hyperledger Foundation.
- Case for Hyperledger Ursa
- Linux Foundation is expected to send out guidelines sooner through OpenSSF.
- Define what does scoring guidelines mean for Hyperledger Foundation. Refer to https://www.first.org/cvss/calculator/3.0 as a starting point.
- Definitions for what each of the fields mean in the form.
- Target audience: Consumers of the project. Ops teams who work on these projects regularly.
- Review https://github.com/ossf/security-reviews
Action items
- Checklist for members to follow while reporting vulnerabilities.
- Questionnaire to report vulnerability ~ calculate CVE score. Danno Ferrin
- Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Hart Montgomery
Recordings