Erlang Ecosystem Foundation – Security Working Group Proposal
Working Group Name
Mission of the Security Working Group is to identify security issues, and provide solutions, develop guidance, standards, technical mechanisms and documentation.
Benefits to the community
- Bringing trust in Erlang Ecosystem as a secure environment
- Trusted source of information and discussions for entire ecosystem
Short term deliverables
- Improve SSL implementation performance and scalability
- Provide reference implementation for code signing *.beam files
- Ensure supply chain security for code/package repositories (e.g. hex.pm)
Long term deliverables
- Produce and maintain secure coding guidelines
- Develop hardening guidelines for BEAM deployments
- Raise awareness of security – talks, slides, articles, blog posts, educational documents, conferences, meet-ups
Why does this group require the Foundation
Security resources (libraries, tools, documentation) must originate from trusted sources. By making critical resources available through the Security WG, users can be sure these have been peer-reviewed by experts in the community.
Security features are fundamental parts of a platform, and making security-related changes requires consensus among major stakeholders. Erlang Ecosystem Foundation, and a Security Working Group being part of it, can coordinate such work and ensure consensus is reached.
It is often undesirable to disclose specific security issues before a mitigation is made. Trust in Security Working Group as a part of foundation is necessary to facilitate discussion and mitigation of sensitive issues before making a public statement.
Initial list of volunteers
- Maxim Fedorov
- Bram Verburg