История

Jeremy Apthorp 5c6c8279ff chore: set @MarshallOfSound as chair of sec-wg (#269 )		2020-04-15 11:08:35 -07:00
..
README.md	chore: set @MarshallOfSound as chair of sec-wg (#269 )	2020-04-15 11:08:35 -07:00
membership-and-notifications.md	docs: update name of notification group (#73 )	2019-04-18 13:17:28 -07:00

Security WG

Proactively ensures the Security of Electron as a project, responds to incoming incidents, and oversees rollout of fixes.

Membership

Name	Role	Time Zone
Samuel Attard @MarshallOfSound	Chair	PST (Vancouver)
Charles Kerr @ckerr	Member	CST (New Orleans)
Deepak Mohan @deepak1556	Member	?
Cheng Zhao @zcbenz	Member	JST (?)
Felix Rieseberg @felixrieseberg	Member	PST (San Francisco)
Jeremy Apthorp @nornagon	Member	PST (San Francisco)
Milan Burda @miniak	Member	CET (Prague)
Pedro Pontes @ppontes	Member	CET (Prague)
Steve Barbaro @StevenEBarbaro	Member	?

Objective:

Electron is used/trusted by organizations with enterprise and corporate-high-security environments.

Key Results:

Increase adoption of Electron security best-practices & tooling in AFP and partner applications
Increase engagement of website security documentation (i.e. MOAR pageviews)
Increase measurable security for self-identified enterprise apps.

Partner Applications: an app reporting feedback to Electron but outside the AFP
AFP: App Feedback Program
measurable security: an audit tool like https://github.com/doyensec/electronegativity, or self-report

The reporting address: security@electronjs.org
Coordinating fixes and disclosures of vulnerabilities
Security of Electron as a project
- Build infrastructure
- Release tooling
- Credential management
Proactive measures
- Fuzz testing
- Pen testing
- Security review of parts of the codebase
- Security sign-off on IPC and certain API related changes

All repositories in the electron organization along with exclusive access to electron/security.

Meeting notes may be viewed in meeting-notes as they become available.