Re: Security WG meeting

Malini Bhandaru

Inline comments, Jim


From: <EdgeX-TSC-Security@...> on behalf of "White2, James via Lists.Edgexfoundry.Org" <>
Reply-To: "White, James (EMC)" <James_White2@...>
Date: Monday, April 15, 2019 at 6:58 PM
To: "ian.johnson@..." <ian.johnson@...>
Cc: "EdgeX-TSC-Security@..." <EdgeX-TSC-Security@...>
Subject: Re: [Edgex-tsc-security] Security WG meeting


Thanks Ian – sorry for the mix up.  Here are the links:


Addressing security issues (CVE):

I would make each a section:

  1. Setup SIR Team, with sub-sections: Team composition, Ratification, Tenure, Handling Vacancies, Role: Handling the security issues
  2. Security-Issues Email address set up. For privately and responsibly reporting security issues to the SIR Team
  3. Security Issues Landing page set up.
  4. Response Procedure
    1. EdgeX Code
    2. 3rd Party Dependencies

    The contents of sections 2-4 look done to me.


Some minor edits:

  1. s/chairman/chairperson
  2. s/effected/affected


Protecting EdgeX Secrets for Edinburgh:


From: Ian Johnson <ian.johnson@...>
Sent: Monday, April 15, 2019 8:55 PM
To: White2, James
Cc: EdgeX-TSC-Security@...
Subject: Re: [Edgex-tsc-security] Security WG meeting





On Mon, Apr 15, 2019 at 8:21 PM White2, James <James.White2@...> wrote:


A reminder that the security working group will hold its call right after the TSC meeting on Wednesday (10am CDT).  We have a full agenda to include:

  • Review/finalization of the Securing service secrets doc – version 7

This doc link seems to be for the Security issue process?


  • Review/finalization of the Security issue process – version 5
  • Discussion on which credential generation mechanism to use for Vault DB secrets (pick up from Tingyu’s discussion last week)
  • Bulk of the time to Fuji scoping and roadmapping – based on Bryon’s Github pull request document.


Find connection information and full agenda here:


Look forward to talking to you all.


Jim White

Director, IoT Platform Development Team & Distinguished Engineer

EdgeX Foundry Technical Steering Committee Vice Chairman

Dell Technologies | IoT Solutions Division

Office +1 512-723-6139, mobile/text +1 612-916-6693


