Skip to content
Permalink
main
Switch branches/tags
Go to file
 
 
Cannot retrieve contributors at this time

Security WG

Proactively ensures the Security of Electron as a project, responds to incoming incidents, and oversees rollout of fixes.

Membership

Avatar Name Role Time Zone
@MarshallOfSound Samuel Attard @MarshallOfSound Chair PST (Vancouver)
@nornagon Jeremy Rose @nornagon Member PST (San Francisco)
@deepak1556 Deepak Mohan @deepak1556 Member ?
@zcbenz Cheng Zhao @zcbenz Member JST (?)
@miniak Milan Burda @miniak Member CET (Prague)
@ppontes Pedro Pontes @ppontes Member CET (Prague)
@StevenEBarbaro Steve Barbaro @StevenEBarbaro Member ?
@belenko Andrey Belenko @belenko Member CET (Prague)
@mlaurencin Michaela Laurencin @mlaurencin Observer (until Feb 2021) PST

Current Objective and Key Results

Objective:

Electron is used/trusted by organizations with enterprise and corporate-high-security environments.

Key Results:

  1. Increase adoption of Electron security best-practices & tooling in AFP and partner applications
  2. Increase engagement of website security documentation (i.e. MOAR pageviews)
  3. Increase measurable security for self-identified enterprise apps.

Areas of Responsibility

  • The reporting address: security@electronjs.org
  • Coordinating fixes and disclosures of vulnerabilities
  • Security of Electron as a project
    • Build infrastructure
    • Release tooling
    • Credential management
  • Proactive measures
    • Fuzz testing
    • Pen testing
    • Security review of parts of the codebase
    • Security sign-off on IPC and certain API related changes

Associated Repositories

All repositories in the electron organization along with exclusive access to electron/security.

Rules for Membership

See Membership and Notifications

Meeting Schedule

  • Sync Meeting 1hr Weekly @ Wednesday 9:30AM PT

Meeting notes may be viewed in meeting-notes as they become available.