Security Working Group

Mission Statement

Mission of the Security Working Group is to identify security issues, and provide solutions, develop guidance, standards, technical mechanisms and documentation.

Benefits to the community

  • Bringing trust in Erlang Ecosystem as a secure environment
  • Trusted source of information and discussions for entire ecosystem

Short term deliverables

  • Improve SSL implementation performance and scalability
  • Provide reference implementation for code signing
  • Ensure supply chain security for code/package repositories (e.g. hex.pm)
  • Identify, prioritize and track security issues

Long term deliverables

  • Produce and maintain secure coding guidelines and tooling for building secure applications
  • Develop hardening guidelines for BEAM deployments
  • Document security guarantees of built-in OTP applications, and improve them where necessary
  • Raise awareness of security - talks, slides, articles, blog posts, educational documents, conferences, meet-ups
  • Develop vulnerability disclosure program for the ecosystem, templates and processes for vulnerability disclosure

Why does this group require the Foundation

Security resources (libraries, tools, documentation) must originate from trusted sources. By making critical resources available through the Security WG, users can be sure these have been peer-reviewed by experts in the community.

Security features are fundamental parts of a platform, and making security-related changes requires consensus among major stakeholders. Erlang Ecosystem Foundation, and a Security Working Group being part of it, can coordinate such work and ensure consensus is reached.

It is often undesirable to disclose specific security issues before a mitigation is made. Trust in Security Working Group as a part of foundation is necessary to facilitate discussion and mitigation of sensitive issues before making a public statement.

Initial list of volunteers

  • Maxim Fedorov
  • Bram Verburg
  • Hans Nilsson
  • Peter Dimitrov
  • Griffin Byatt
  • Duncan Sparrell

You can reach us at: security@erlef.org

Latest News

Nothing yet! Check back soon!
Drew Varner
Drew Varner
Griffin Byatt
Griffin Byatt
Alexandre Rodrigues
Alexandre Rodrigues
Hans Nilsson
Hans Nilsson
Maxim Fedorov
Maxim Fedorov
Duncan Sparrell
Duncan Sparrell
Bram Verburg
Bram Verburg
Peter Dimitrov
Peter Dimitrov