Security Working Group Minutes

The Security WG has a recurring virtual meeting once every four weeks. Meeting minutes and the time and date of the next meeting will be published in this thread.

Meetings are open to EEF members: the meeting link is published to the #security channel on EEF Slack one hour prior to each meeting.

April 3, 2024

Participants: Holden Oullette, @maennchen, @max-au, Paul Swartz, @peerst, @voltone

Bandit

  • Ongoing (Holden)
  • Try to add to automated test suite for web servers
  • Code review of three handlers (HTTP 2.0, HTTP 1.1 and WebSocket)

GitHub org 2FA

  • Needs some preparation, to avoid locking out users without 2FA
  • Send out email, and heads-up in Slack (@max-au)

OCSP stapling client

OIDC client

Positioning Erlang ecosystem as “secure”

  • See White House paper on memory-safe languages
  • Counter FUD
  • Collaborate on a doc, targeting blog post or white paper
    • To be shared with Marketing WG for distribution

Supply chain, SBoM of OTP

  • EU funded project (@peerst)
  • SBoM tooling upgrades

Meeting notes

  • Should be published to Erlang Forums

Next meeting

2nd May 2024 at 16:00 CEST / 14:00 GMT / 10am EDT / 7am PDT / 23:00 JST

Small Correction: it’s FAPI 2.0.

Spec: FAPI 2.0 Security Profile

This is now enforced, all erlef repo members must have 2FA enabled. Please ping me or infra@ if you are accidentally locked out.
