Proactively ensures the Security of Electron as a project, responds to incoming incidents, and oversees rollout of fixes.
Name | Role | Time Zone
---|---|---
Samuel Attard @MarshallOfSound | Chair | PST (Vancouver)
Jeremy Rose @nornagon | Member | PST (San Francisco)
Deepak Mohan @deepak1556 | Member | JST (Nagano)
Cheng Zhao @zcbenz | Member | JST (Nagoya)
Milan Burda @miniak | Member | CET (Prague)
Pedro Pontes @ppontes | Member | CET (Prague)
Steve Barbaro @StevenEBarbaro | Member | ?
Andrey Belenko @belenko | Member | CET (Prague)
Michaela Laurencin @mlaurencin | Observer (until Feb 2021) | PST

Objective:
Electron is used/trusted by organizations with enterprise and corporate-high-security environments.
Key Results:
- Increase adoption of Electron security best-practices & tooling in AFP and partner applications
- Increase engagement of website security documentation (i.e. MOAR pageviews)
- Increase measurable security for self-identified enterprise apps.

- Partner Applications: an app reporting feedback to Electron but outside the AFP
- AFP: App Feedback Program
- measurable security: an audit tool like https://github.com/doyensec/electronegativity, or self-report

- The reporting address: security@electronjs.org
- Coordinating fixes and disclosures of vulnerabilities
- Security of Electron as a project
  - Build infrastructure
  - Release tooling
  - Credential management
- Proactive measures
  - Fuzz testing
  - Pen testing
  - Security review of parts of the codebase
  - Security sign-off on IPC and certain API related changes

All repositories in the electron organization along with exclusive access to electron/security.
See Membership and Notifications
- Sync Meeting 1hr Weekly @ Wednesday 9:30AM PT
Meeting notes may be viewed in meeting-notes as they become available.