...
- Waiting for the proposal on scoring guidelines ~ today's meeting will stand cancelled. Meeting agenda will be carried over to 25th Feb.
- Question for discussion: signing artefacts policy and reproducible builds.
- Policy for dependent license checks.
- External agency - Check once a quarter.
- Look into score card - from OpenSSF https://github.com/ossf/scorecard .
Action items
- Checklist for members to follow while reporting vulnerabilities.
- Questionnaire to report vulnerability ~ calculate CVE score. Danno Ferrin
- Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Hart Montgomery
...