EEF Newsletter #3
In This Newsletter
The beginning of Autumn has arrived and with it comes our September Newsletter! In this issue, we announce our new stipends process, some website updates, and we get to meet Maxim Fedorov, the head of the Security WG. Plus, we get an update, Honoring Fellows, Why We Care and other News.
“The greatness of a community is most accurately measured by the compassionate actions of its members.” ~ Coretta Scott King
It is our great pleasure to announce that we have just opened our stipend program. The goal of it is to fund open source development, trainings, workshops and other initiatives that will help increase and expand the Beam community. These stipends are funded by our sponsor , membership fees and donations.
The current focus of the foundation is on increasing and expanding the community so we will favour stipends that are targeted to beneficiaries that are new to Erlang/Elixir and the ecosystem. We prefer stipends that support online workshops, online training materials, hands-on trainings, development work (open source) and diversity efforts.
We’re always looking for designers to help us tweak the site. Reach out to the marketing group if you’re interested.
Working Group Water Cooler
Name and Role in the Working Group Maxim Fedorov, WG chair, and Bram Verburg
What is the primary goal of the working group? Describe in reference to the community benefits. This Working Group exists to identify security issues, and develop solutions, guidance, standards, technical mechanisms and documentation. Our goal is to bring together specialists and enthusiasts from across the ecosystem, and provide the community with a trusted source of information, raising awareness of security issues and best-practices. We want to provide collaboration space for the community, avoiding duplicated efforts.
How does the group determine what to focus on? Is there a way for the community to collaborate? We use mailing list to discuss current issues, projects and approaches. Coining in new idea is as simple as starting a new thread. If an idea gets traction, it becomes a project. Every project has a person driving, with group members providing sanity checks, peer reviews and assessments. Periodic reports are encouraged to show progress and provide visibility letting non-members to discover the project. Due to the nature of the area we operate in, most projects are long-term initiatives, and we’d be happy to accept any help - be it source code, tests, exploits, proof-of-concepts, studies, or documentation. We’re looking for people willing to explain their use-cases, solutions and best practices.
What is the group currently focused on? Are there initiatives planned? There are several projects in the active phase. One is TLS handshake improvements addressing concurrency issues with existing OTP crypto library. Another project targets supply chain security (hex.pm and build tools). Missing OCSP implementation may also present considerable interest for the community, both Erlang and Elixir. Yet another common issue would be passwords in clear text, often met in configuration files.
We’d also like to start documenting best practices, such as secure coding guidelines and deployment hardening recommendations.
Have long term initiatives been discussed? Describe based on priority and benefit. Long-term, we plan the Group to take an active role in raising awareness of security issues at conferences, meetups, and through blog posts and papers. We also believe the group can play a role in vulnerability disclosure coordination, by accepting, reviewing and dispatching reports pertaining to key open source project.
How can the community help in supporting the group? Are there projects that need contributes or collaborators? Join us, and help with projects already listed at https://github.com/erlef/security-wg/issues, or raise a new issue - and be prepared to lead the effort. If you’d like to participate in group discussions, please send a free-form join request to email@example.com. If you’re not ready yet, firstname.lastname@example.org provides a simple bridge to the mailing list. An introductory email with personal background would be appreciated, with indication what project(s) you’d like to contribute to, and how.
What is the best way for the community to stay informed on the working group’s initiatives? Our mailing list is provided through Google Groups: email@example.com . There is also a GitHub repository https://github.com/erlef/security-wg to track issues and provide collaboration space.
Sponsor Testimonial - Why Do We Care?
“We try to be involved directly with the technologies and tools we use to realize ambitious projects for our clients. While individual contributions are the foundation of successful open source projects, we believe institutions like the EEF are crucial for steering bigger initiatives and ensuring long term success – we hope we can contribute to that through our sponsorship.”
~ Marco Otte-Witte Managing Director @ simplabs https://simplabs.com/
Welcome Our Newest Sponsors
Join us celebrating the three new sponsors that joined us this month: Id3as , Sfracta & ArcBlock ! Show your support for the community, the BEAM languages, and the foundation itself by becoming a sponsor. Join here .
- Honoring Our Fellows
- Lumen Announced
- Rebar 3 3.12.0 Released
- ElixirConf EEF Updates by Miriam Pena & Desmond Bowe
See you Soon!
Stay tuned for exciting updates about the EEF and the wider Ecosystem community. The buzz is building and it’s a great time to be working with this technology. If you have any questions or things you’d like to see in this newsletter, please let us know at marketing !
Remember to follow us on Twitter (https://twitter.com/TheErlef) for news, updates, and more throughout the month!
Have a pleasant weekend!
- The Erlang Ecosystem Foundation https://erlef.org