The mission of the Security Working Group is to identify security issues and provide solutions, and to develop guidance, standards, technical mechanisms and documentation.
Benefits to the community
- Building trust in the Erlang Ecosystem as a secure environment
- A trusted source of information and discussions for the entire ecosystem
Short term deliverables
- Improve the performance and scalability of the SSL implementation
- Provide a reference implementation for code signing
- Ensure supply chain security for code/package repositories (e.g. hex.pm)
- Identify, prioritize and track security issues
Long term deliverables
- Produce and maintain secure coding guidelines and tooling for building secure applications
- Develop hardening guidelines for BEAM deployments
- Document security guarantees of built-in OTP applications, and improve them where necessary
- Raise awareness of security through talks, slides, articles, blog posts, educational documents, conferences and meet-ups
- Develop a vulnerability disclosure program for the ecosystem, including templates and processes for vulnerability disclosure
Why does this group require the Foundation?
Security resources (libraries, tools, documentation) must originate from trusted sources. By making critical resources available through the Security WG, users can be sure these have been peer-reviewed by experts in the community.
Security features are fundamental parts of a platform, and making security-related changes requires consensus among major stakeholders. The Erlang Ecosystem Foundation, with the Security Working Group as part of it, can coordinate such work and ensure consensus is reached.
It is often undesirable to disclose specific security issues before a mitigation is in place. Trust in the Security Working Group as a part of the Foundation is necessary to facilitate discussion and mitigation of sensitive issues before making a public statement.
Initial list of volunteers
- Maxim Fedorov
- Bram Verburg
- Hans Nilsson
- Peter Dimitrov
- Griffin Byatt
- Duncan Sparrell
You can reach us at: email@example.com