Date

Recording

The recording data will be uploaded by Peter

...

Attendees

Discussion items

  • Software Supply Chain Security

    • Vipin: I am doing research on supply chain security. From the viewpoint of past security incidents in the software supply chain (SolarWinds, etc.), supply chain security is important, and Cactus as OSS is no exception. You must create an SBOM (Software Bill of Materials) to manage vulnerabilities associated with HL repositories. WhiteSource Bolt automatically detects vulnerabilities in HL repository components on GitHub, and in Cactus it detects many. It is necessary to deal with these.

    • Shingo: If vulnerability issues depend on the library, should each contributor create a library carefully in the future to resolve these issues?

    • Vipin: You need to improve the vulnerability not only by making future libraries but also by fixing existing libraries.

    • Vipin: I am planning to write an HL blog page about HL OSS supply chain security.

  • Others

    • Hart & Shingo: We should discuss more over email.

    • Shingo: The video of HLGF is available, so I recommend that you watch it.