Page History

...

After our projects reach 1.0 status, the policy for when we do another outside audit of a project is based on a few factors. The primary factor is code "churn"–the amount of code that has changed since the last audit. The secondary factor is major architectural changes (e.g. changing cryptography library implementations). When enough code has changed and/or architectural rework has happened, Hyperledger will invest money into having a follow up audit done to once again establish a baseline for project security.

Hyperledger Besu

Hyperledger Besu joined Hyperledger as a project in the fall of 2019 and with their first major release a security audit was conducted. Below is the report from that audit.

• Q1 2020
  • Hyperledger Besu Penetration Test Report
• Q2 2022
  • Hyperledger Besu Penetration Test Report

Hyperledger Cactus

Hyperledger Cactus

• Q2 2022
  • 2021 Hyperledger Cactus Web Application Pentest Updated

Hyperledger Composer

Hyperledger Composer reached their 1.0 milestone early in 2018. Nettitude conducted the security audit of the source code and all issues found have been resolved.

• Hyperledger Composer - Security Assessment Management Report
• Hyperledger Composer - Security Assessment Technical Report

Hyperledger Fabric

Hyperledger Fabric was the first project to reach the 1.0 milestone. We hired Nettitude WP Hacked Help to conduct a web security audit of the source code and to work closely with the developers to fix any issues that they found. The audit results were announced in a Hyperledger blog post.

• Hyperledger Fabric - Security Assessment Management Report
• Hyperledger Fabric - Security Assessment Technical Report
  

For the v2.x release, a subsequent penetration test of Hyperledger Fabric was performed by Tevora Threat Research Group.

• Hyperledger Fabric - Penetration Test Report

Hyperledger

...

Iroha

Hyperledger Sawtooth reached Iroha is fast approaching their 1.0 in the Spring of 2018milestone. Nettitude conducted the security audit of the source code base and all reported issues found have been addressedresolved. The audit results were announced announce in a a Hyperledger blog post.

• Q3 2020
  • Hyperledger Iroha Application Pentest Report
• Q1 2018
  • Hyperledger Iroha
  Hyperledger Sawtooth
  • - Security Assessment Management Report
  • Hyperledger
  Sawtooth
  • Iroha - Security Assessment Technical Report

Hyperledger

...

Indy

Hyperledger Iroha is fast approaching Indy reached their 1.0 milestone late in 2018. Nettitude conducted the security audit of the source code and all issues found have been resolved.

• Hyperledger Indy - Security Assessment Management Report
• Hyperledger Indy - Security Assessment Technical Report

Hyperledger Sawtooth

Hyperledger Sawtooth reached 1.0 in the Spring of 2018. Nettitude conducted the security audit of the code base and all reported issues have been addressed. The audit results were announce announced in a a Hyperledger blog post.

• Hyperledger Iroha Sawtooth - Security Assessment Management Report
• Hyperledger Iroha Sawtooth - Security Assessment Technical Report