Hyperledger is committed to creating a safe and welcoming

community for all. For more information

please visit the Hyperledger Code of Conduct.

Welcome and Introductions

Who you are, which project you represent, your role in the project and what your interest is in the Hyperledger security process effort.

Attendees

Arun S M

Ry Jones

Danno Ferrin

Arnaud J Le Hors

Hitesh Sharma

Announcements

Agenda

  • Welcome

  • Scoring guidelines for blockchain projects in Hyperledger Foundation.

  • Review comments/discussions on https://github.com/ossf/security-reviews

  • Review checklist for reporting vulnerabilities. Covers both the project team and an external member.

  • Open agenda

Next Meeting

Future Topics

Notes

  1. Waiting for the proposal on scoring guidelines ~ today's meeting agenda will be carried over to 25th Feb.
  2. Question for discussion: signing artefacts policy and reproducible builds.
  3. Policy for dependent license checks.
    1. External agency - Check once a quarter.
  4. Look into score card - from OpenSSF https://github.com/ossf/scorecard .

Action items

  • Checklist for members to follow while reporting vulnerabilities.
  • Questionnaire to report vulnerability  ~ calculate CVE score. Danno Ferrin
  • Define scoring guidelines for blockchain & non-blockchain projects in Hyperledger Foundation. Hart Montgomery

Recordings