A group dedicated to improve EdgeX security through architecture, documentation, code review, vulnerability management.
Key Working Group Facts
Working Group Creation Date: June 2, 2017
Working Group Chair: Colin Hutchinson (Kong) - Past Chairs: Malini Bhandaru (VMware) , Tingyu Zeng (Dell), Doug Gardner (ADI), David Ferriera (ForgeRock)
Security Issue Reporting Process:
- Send private email to: security-issues@lists.edgexfoundry.org
- TSC Ratified Process: EdgeX Process for Addressing Security Issues-v5.pdf. (note: use above email address for reporting)
Mailing List
- Security team’s mail alias: edgex-tsc-security@lists.edgexfoundry.org
- To subscribe or unsubscribe via the World Wide Web, visit: https://lists.edgexfoundry.org/g/EdgeX-TSC-Security
Meeting Time
- Security Working Group meetings are open to the public, and are held weekly.
- Security Working Group meetings are held on Wednesday's at 9am PT (find your local time here)
- To subscribe to the meeting invitation, please visit Community Meetings & Calendar
-----
Dial-In Info:Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/576218946
Or iPhone one-tap (US Toll): +14086380968,,576218946# or +16465588656,,576218946#
Or Telephone:
Dial: +1 408 638 0968 (US Toll) or +1 646 558 8656 (US Toll)
+1 855 880 1246 (US Toll Free)
+1 877 369 0926 (US Toll Free)
Meeting ID: 576 218 946
International numbers available: https://zoom.us/zoomconference?m=t6UX5OTIE0SFrIk-9MMnBPbFjE3dZ_xx
Meeting Minutes
- June 24, 2020: Security WG Meeting 06-24-2020; Meeting Recording
- June 17, 2020: Meeting Minutes; Meeting Recording
- June 10, 2020: Meeting Minutes; Meeting Recording (Password: 8A^&HL69)
- June 3, 2020: Meeting Minutes; Meeting Recording (Password: 1Z=CI?w^)
- May 20, 2020: Meeting Minutes; Meeting Recording (Password: 1D%7$j&2)
- May 13, 2020: Meeting Minutes; Meeting Recording (Password: 6U#=Q%?^)
- May 12, 2020: Edgex-Arm integration kick-off meeting
- April 22, 2020: Meeting Minutes; Meeting Recording (Password: 6I*?$%05)
- April 15, 2020: Meeting Minutes; Meeting Recording (Access Password: y6&2?H4h)
- April 8, 2020:Meeting Minutes; Meeting Recording
- March 25, 2020: Meeting Minutes; Meeting Recording
Hanoi Release(all - for latest update of Hanoi Release Planning doc, please go here)
- March 18, 2020: Meeting Minutes; Meeting Recording
- March 11, 2020: Meeting Minutes; Meeting Recording
- March 4, 2020: Meeting Minutes; Meeting Recording
- February 26, 2020: Meeting Minutes; Meeting Recording
- February 19, 2020: Meeting Minutes; Meeting Recording
- February 12, 2020: Meeting Minutes; Meeting Recording
- February 5, 2020: Meeting Minutes; Meeting Recording
- Proposal to secure API V2 ( by Bryon Nevis) : EdgeX API 2.0 security
- January 29, 2020: Meeting Minutes; Meeting Recording
- January 22, 2020: Meeting Minutes; Meeting Recording
- January 15, 2020: Meeting Minutes; Meeting Recording
- January 8, 2020: Meeting Minutes; Meeting Recording
- December 18, 2019: Meeting Minutes; Meeting Recording
- December 11, 2019: Meeting Minutes; Meeting Recording
- December 4, 2019: Meeting Minutes; Meeting Recording
- November 20, 2019: Meeting Minutes; Meeting Recording
- November 13, 2019: Meeting Minutes; Meeting Recording
- October 30, 2019: Meeting cancelled
- October 23, 2019: Meeting Minutes; Meeting Recording
- October 16, 2019: Meeting Minutes; Meeting Recording
- October 2, 2019: Meeting Minutes; Meeting Recording
- September 25, 2019: Meeting Minutes; Meeting Recording
- September 18, 2019: Meeting Minutes; Meeting Recording
- September 11, 2019: Meeting Minutes; Meeting Recording
- September 4, 2019: Meeting Minutes; Meeting Recording
- August 28, 2019: Meeting Minutes; Meeting Recording
- August 14, 2019: Meeting Recording
- August 7, 2019: Meeting Minutes; Meeting Recording
- July 24, 2019: Meeting Minutes; Meeting Recording
- July 17, 2019: Meeting Minutes;SAST Slides;Meeting Recording
- July 10, 2019: Meeting Minutes; Meeting Recording
- June 26, 2019: Meeting Minutes Meeting Recording
- June 19, 2019: Meeting Minutes; Meeting Recording
- June 12, 2019: Meeting Minutes; Meeting Recording
- June 5, 2019: Meeting Minutes; Meeting Recording
- May 29, 2019: Meeting Minutes; Meeting Recording
- May 22, 2019: Meeting Minutes; Meeting Recording
- May 15, 2019: Meeting Minutes; Meeting Recording
- May 8, 2019: Meeting Recording
- April 24. 2019: Meeting Recording
- April 17, 2019: Meeting Minutes; EdgeX Process for Addressing Security Issues-v5.pdf; EdgeX Process for Addressing Security Issues-v5.docx; Protecting EdgeX Secrets-v7.pdf; Protecting EdgeX Secrets-v7.docx; Meeting Recording
- April 10, 2019: Meeting Minutes; Protecting EdgeX Secrets-v7.pdf; Protecting EdgeX Secrets-v7.docx; Meeting Recording
- Intel (Bryon and Jim) roadmap doc to explore; https://docs.google.com/presentation/d/17W7MghqrZUu5sIHnS4F6GtOYkPWObJP-e9Tieh2qbRI/edit?pli=1#slide=id.p
- Threat Model: https://github.com/bnevis-i/security-secret-store/pull/1
- Tingyu's design for Vault initialization program and Mongo init script: Security Store Service for MongoDB microservice.docx
- April 3, 2019: Meeting Minutes; Documents covered and requesting review: Protecting EdgeX Secrets-v6.pdf Protecting EdgeX Secrets-v6.docx EdgeX Process for Addressing Security Issues-v4.pdf; EdgeX Process for Addressing Security Issues-v4.docx; Meeting Recording
- Intel's Exploration of EdgeX security (Threat Modeling and what's next) presentation: https://docs.google.com/presentation/d/17W7MghqrZUu5sIHnS4F6GtOYkPWObJP-e9Tieh2qbRI/edit?pli=1#slide=id.g556c569946_0_6
- Intel's Threat Model for Secret Store: https://github.com/bnevis-i/security-secret-store/pull/1
- March 27, 2019:Meeting Minutes ; Meeting Recording; Documents reviewed: Protecting EdgeX Secrets-v4.pdf EdgeX Process for Addressing Security Issues-v3.pdf
- March 13 & 20th, 2019: Canceled
- March 6, 2019:Minutes; Meeting Recording
- February 27, 2019: Canceled
- February 20, 2019: Meeting Recording
- February 13, 2019: Canceled
- February 6, 2019: Canceled
- January 30, 2019: Meeting Recording
- January 16, 2019: Meeting Recording
- January 9, 2019: Meeting Recording
- December 12, 2018: Meeting Recording
- December 5, 2018: Slides and Meeting Recording
- November 28, 2018: Slides and Meeting Recording
- November 21, 2018: Canceled
- November 14, 2018: Slides and Meeting Recording
- November 7, 2018: Slides and Meeting Recording
- October 31, 2018: Canceled
- October 10, 2018: Slides and Meeting Recording
- September 26, 2018: Meeting Recording
- September 19, 2018: Meeting Recording
- September 12, 2018: Meeting Recording
- September 5, 2018: Meeting Recording
- August 31, 2018: Meeting Recording (HRoT working session); Link to TPM specs and policies
- August 29, 2018: Meeting Recording
- August 22, 2018: Meeting Recording
- August 1, 2018: Meeting Recording
- July 25, 2018: Meeting Recording
- July 11, 2018: Meeting Recording
- June 27, 2018: Meeting Recording
- June 20, 2018: Meeting Recording
- June 13, 2018: Meeting Recording
- June 6, 2018: Cancelled since F2F meeting is occurring this week.
- May 30, 2018: Slides and Meeting Recording
- May 23, 2018: Slides and Meeting Recording
- May 16, 2018: Slides and Meeting Recording
- May 9, 2018: Slides and Meeting Recording
- May 2, 2018: Slides and Meeting Recording
- April 25, 2018: Cancelled
- April 18, 2018: Cancelled
- April 11, 2018: Slides and Meeting Recording
- April 04, 2018: Slides and Meeting Recording
- March 28, 2018: Cancelled
- March 21, 2018: Slides and Meeting Recording
- March 14, 2018: Slides and Meeting Recording
- IIC Endpoint Security Best Practices Final Mar 2018 document: http://www.iiconsortium.org/pdf/Endpoint_Security_Best_Practices_Final_Mar_2018.pdf
- Snapshot of Secure Proxy + Authentication Options for EdgeX
- Snapshot of EdgeX-simple-jwt-auth--DRAFT
- March 7, 2018: Slides and Meeting Recording
- February 28, 2018: Slides and Meeting Recording
- February 21, 2018: Slides and Meeting Recording
- February 14, 2018: Slides and Meeting Recording
- February 7, 2018: Slides and Meeting Recording
- January 31, 2018: Meeting Recording
- January 24, 2018: Slides and Meeting Recording
- January 10, 2018: Meeting Recording
- January 3, 2018: Slides and Meeting Recording
- December 20, 2017: Meeting Recording
- December 13, 2017: Slides and Meeting Recording
- November 29, 2017: Slides and Meeting Recording
- November 15, 2017: Slides and Meeting Recording
- November 8, 2017: Meeting Recording
- November 1, 2017: Slides and Meeting Recording
- October 25, 2017: Slides and Meeting Recording
- October 11, 2017: Slides and Meeting Recording
- September 27, 2017: Slides and Meeting Recording
- September 20, 2017: Slides and Meeting Recording
- September 13, 2017: Slides and Meeting Recording
- September 6, 2017 Meeting - We reviewed the final outcome of the F2F meeting. Please click on this link to see the outcome and final slide deck: Link
- August 29 + 30: F2F Meeting - See 29 and 30 August 2017: Palo Alto, CA
- August 23: Meeting Recording
- August 16, 2017: Slides
- August 9, 2017: Slides
- July 7, 2017: Slides; Notes and Actions; Meeting Recording
- June 1-2, 2017: Slides
Documents
- Vault master key protection-DRAFT-v0.5.pdf
- Hardware-based Secure Storage Design - DRAFT
- Ongoing work in online document @ https://docs.google.com/document/d/1MsTNdwtZp3zA-nPhCC3COakL3e5mrhJuFByy6ja5OxU/edit?ts=5c1a5e4. Request access at this link.
- EdgeX Security Roadmap for Delhi, Edinburgh, Fuji and beyond
- Security Working Group Google Drive Folder
- Consolidated Feature Backlog Document
- FuseSecurityRequirements-Jan2017.docx