Security Working Group

The mission of the Security Working Group is to identify security issues, and provide solutions, develop guidance, standards, technical mechanisms and documentation.

Mission Statement

Mission of the Security Working Group is to identify security issues, and provide solutions, develop guidance, standards, technical mechanisms and documentation.

Benefits to the community

  • Bringing trust in Erlang Ecosystem as a secure environment
  • Trusted source of information and discussions for entire ecosystem

Short term deliverables

  • Improve SSL implementation performance and scalability
  • Provide reference implementation for code signing
  • Ensure supply chain security for code/package repositories (e.g. hex.pm)
  • Identify, prioritize and track security issues

Long term deliverables

  • Produce and maintain secure coding guidelines and tooling for building secure applications
  • Develop hardening guidelines for BEAM deployments
  • Document security guarantees of built-in OTP applications, and improve them where necessary
  • Raise awareness of security - talks, slides, articles, blog posts, educational documents, conferences, meet-ups
  • Develop vulnerability disclosure program for the ecosystem, templates and processes for vulnerability disclosure

Why does this group require the Foundation

Security resources (libraries, tools, documentation) must originate from trusted sources. By making critical resources available through the Security WG, users can be sure these have been peer-reviewed by experts in the community.

Security features are fundamental parts of a platform, and making security-related changes requires consensus among major stakeholders. Erlang Ecosystem Foundation, and a Security Working Group being part of it, can coordinate such work and ensure consensus is reached.

It is often undesirable to disclose specific security issues before a mitigation is made. Trust in Security Working Group as a part of foundation is necessary to facilitate discussion and mitigation of sensitive issues before making a public statement.

Initial list of volunteers

  • Maxim Fedorov
  • Bram Verburg
  • Hans Nilsson
  • Peter Dimitrov
  • Griffin Byatt
  • Duncan Sparrell

Current Working Group Chairs

  • Bram Verburg
Bram Verburg
Bram Verburg
Drew Varner
Drew Varner
Holden Oullette
Holden Oullette
Michael Lubas
Michael Lubas
Jonatan Männchen
Jonatan Männchen
Maxim Fedorov
Maxim Fedorov
Peer Stritzinger
Peer Stritzinger
Paul Swartz
Paul Swartz
View our calendar

You can reach us:

Recent posts
Cybersecurity Awareness Month (CAM 2024)
October 21, 2024 by The Security Working Group
Exposed EPMD: A Hidden Security Risk for RabbitMQ and the BEAM Ecosystem
December 17, 2024 by The Security Working Group