История

Jeremy Rose 183090f7d8 chore: add @mlaurencin as sec-wg observer (#392 )		2020-12-22 15:16:18 -08:00
..
README.md	chore: add @mlaurencin as sec-wg observer (#392 )	2020-12-22 15:16:18 -08:00
membership-and-notifications.md	docs: update name of notification group (#73 )	2019-04-18 13:17:28 -07:00

Security WG

Proactively ensures the Security of Electron as a project, responds to incoming incidents, and oversees rollout of fixes.

Membership

Name	Role	Time Zone
Jeremy Rose @nornagon	Chair	PST (San Francisco)
Deepak Mohan @deepak1556	Member	?
Cheng Zhao @zcbenz	Member	JST (?)
Samuel Attard @MarshallOfSound	Member	PST (Vancouver)
Milan Burda @miniak	Member	CET (Prague)
Pedro Pontes @ppontes	Member	CET (Prague)
Steve Barbaro @StevenEBarbaro	Member	?
Andrey Belenko @belenko	Member	CET (Prague)
Michaela Laurencin @mlaurencin	Observer (until Feb 2021)	PST

Objective:

Electron is used/trusted by organizations with enterprise and corporate-high-security environments.

Key Results:

Increase adoption of Electron security best-practices & tooling in AFP and partner applications
Increase engagement of website security documentation (i.e. MOAR pageviews)
Increase measurable security for self-identified enterprise apps.

Partner Applications: an app reporting feedback to Electron but outside the AFP
AFP: App Feedback Program
measurable security: an audit tool like https://github.com/doyensec/electronegativity, or self-report

The reporting address: security@electronjs.org
Coordinating fixes and disclosures of vulnerabilities
Security of Electron as a project
- Build infrastructure
- Release tooling
- Credential management
Proactive measures
- Fuzz testing
- Pen testing
- Security review of parts of the codebase
- Security sign-off on IPC and certain API related changes

All repositories in the electron organization along with exclusive access to electron/security.

Meeting notes may be viewed in meeting-notes as they become available.