David Huseby <dhuseby@...>
Hi Burrow Team,
The time has come to organize the Hyperledger security team to handle confidential security bug reports. The way this will work with Hyperledger is that each team will have a primary and secondary person who focuses on security and will volunteer to be a part of the Hyperledger security team. So far, I have volunteers from Fabric, Sawtooth, Iroha, and Indy. Burrow is a very important project at Hyperledger and I would like to have your team participate.
What does this mean?
Hyperledger has a confidential security bug reporting process and we have a small team of volunteers that goes through the reports, files confidential bugs if necessary, and coordinates the fixing and disclosure of the bugs.
Is it a lot of work?
No. So far we haven't had the need to meet regularly. Instead, the team meets whenever there is a security bug reported. However, our projects are just starting to mature and to be widely adopted, so expect that the workload will increase slightly. I'm hoping to keep the security team meetings to a minimum, on an as-needed basis.
So I'm looking for two volunteers: a primary and backup security team volunteer from the Burrow development team. Please email me if you would like to volunteer.