Security Working Group

A group dedicated to improve EdgeX security through architecture, documentation, code review, vulnerability management.

Security working group has been dissolved and is now part of the Core Working Group

Key Working Group Facts

Working Group Creation Date: June 2, 2017
Working Group Chair:  Bryon Nevis (Intel) - Past Chairs: Colin Hutchinson (Kong), Malini Bhandaru (VMware) , Tingyu Zeng (Dell), Doug Gardner (ADI), David Ferriera (ForgeRock)
Dissolution Date: June 23, 2023

Security Issue Reporting Process:

• Send private email to: security-issues@lists.edgexfoundry.org 
• TSC Ratified Process:  EdgeX Process for Addressing Security Issues-v5.pdf. (note: use above email address for reporting)

Mailing List

• Security team’s mail alias: edgex-tsc-security@lists.edgexfoundry.org
• To subscribe or unsubscribe via the World Wide Web, visit: https://lists.edgexfoundry.org/g/EdgeX-TSC-Security

Meeting Minutes

• June 14, 2023: Permanently cancelled.  EdgeX security working group is now part of the Core Working Group
• June 7, 2023: Cancelled for Napa release planning meeting
• May 31, 2023: Cancelled for Napa Pre-wire
• May 24, 2023: Cancelled
• May 17, 2023: Agenda 2023-05-17 (pdf): Meeting Recording
• May 10, 2023: Agenda 2023-05-10 (pdf): Meeting Recording
• May 3, 2023: Cancelled
• April 26, 2023: Cancelled
• April 19, 2023: Agenda 2023-04-19 (pdf): Meeting Recording
• April 12, 2023: Agenda 2023-04-12 (pdf): Meeting Recording
• April 5, 2023: Agenda 2023-04-05 (pdf): Meeting Recording
• March 29, 2023: Cancelled
• March 22, 2023: Agenda 2023-03-22 (pdf): Meeting Recording
• March 15, 2023: Cancelled
• March 8, 2023: Agenda 2023-03-08 (pdf): Meeting Recording
• March 1, 2023: Cancelled
• February 22, 2023: Cancelled
• February 15, 2023: Agenda 2023-02-15 (pdf): Meeting Recording
• February 8, 2023: Agenda 2023-02-08 (pdf): Meeting Recording
• February 1, 2023: Cancelled (no updates)
• January 25, 2023: Cancelled (no updates)
• January 18, 2023: Agenda 2023-01-18 (pdf): Meeting Recording
• January 11, 2023: Agenda 2023-01-11 (pdf): Meeting Recording
• January 4, 2023: Agenda 2023-01-04 (pdf): Meeting Recording
• December 28, 2022: Cancelled
• December 21, 2022: Cancelled
• December 14, 2022: Agenda 2022-12-14 (pdf): Meeting Recording
• December 7, 2022: Cancelled
• November 30, 2022: Agenda 2022-11-30 (pdf): Meeting Recording.  OpenZiti discussion.
• November 23, 2022: Cancelled (Thanksgiving week in US)
• November 16, 2022: Preempted for Minnesota planning conference: Nov 14-17, 2022: Minnesota Planning Conference
• November 9, 2022: Agenda 2022-11-09 (pdf): Meeting Recording
• November 2, 2022: Cancelled
• October 26, 2022: Cancelled
• October 19, 2022: Cancelled
• October 12, 2022: Agenda 2022-10-12 (pdf): Meeting Recording
• October 5, 2022: Cancelled (follow suit for TSC cancellation)
• September 28, 2022: Agenda 2022-09-28 (pdf): Meeting Recording
• September 21, 2022: Cancelled (please review IOTech's threat model PR)
• September 14, 2022: Agenda 2022-09-14 (pdf): Meeting Recording
• September 7, 2022: Agenda 2022-09-07 (pdf): Meeting Recording
• August 31, 2022: Agenda 2022-08-31 (pdf): Meeting Recording
• August 24, 2022: Cancelled (no topics for today)
• August 17, 2022: Agenda 2022-08-17 (pdf): Meeting Recording
• August 10, 2022: Cancelled (chair on vacation)
• August 3, 2022: Agenda 2022-08-03 (pdf): Meeting Recording
• July 27, 2022: Cancelled (no topics for today)
• July 20, 2022: Cancelled (no topics for today)
• July 13, 2022: Agenda 2022-07-13 (pdf): Meeting Recording
• July 6, 2022: Cancelled due to conflict in chair's schedule
• June 29, 2022: Agenda 2022-06-29 (pdf): Meeting Recording
• June 22, 2022: Cancelled due to chair's planned vacation
• June 15, 2022: Agenda 2022-06-15 (pdf): Meeting Recording
• June 8, 2022: Cancelled due to conflict in chair's schedule
• June 1, 2022: Cancelled due to conflict in chair's schedule
• May 25, 2022: Agenda 2022-05-25 (pdf): Meeting Recording
• May 18, 2022: Cancelled for Levski planning conference
• May 11, 2022: Agenda 2022-05-11 (pdf): Meeting Recording - guest speaker Phillip Griffiths & Clint Dovholuk from NetFoundry
• May 4, 2022: Cancelled due to lack of quorum
• April 27, 2022: Agenda 2022-04-27 (pdf): Meeting Recording
• April 20, 2022: Cancelled for Levski prewire meeting
• April 13, 2022: Agenda 2022-04-13 (pdf): Meeting Recording
• April 6, 2022: Agenda 2022-04-06 (pdf): Meeting Recording
• March 30, 2022: Agenda 2022-03-30 (pdf): Meeting Recording
• March 23, 2022: Cancelled
• March 16, 2022: Agenda 2022-03-16 (pdf): Meeting Recording
• March 9, 2022: Agenda 2022-03-09 (pdf): Meeting Recording
• March 2, 2022: Agenda 2022-03-02 (pdf): Meeting Recording
• February 23, 2022: Agenda 2022-02-23 (pdf): Meeting Recording
• February 16, 2022: Cancelled due to lack of discussion topics
• February 9, 2022: Cancelled due to lack of discussion topics
• February 2, 2022: Agenda 2022-02-02 (pdf): Meeting Recording
• January 26, 2022: Cancelled due to meeting conflict
• January 19, 2022: Agenda 2022-01-19 (pdf): Meeting Recording
• January 12, 2022: Cancelled due to lack of agenda topics; will meet next week
• January 5, 2022: Agenda 2022-01-05 (pdf): Meeting Recording
• December 29, 2021: Cancelled for holidays
• December 22, 2021: Cancelled for holidays
• December 15, 2021: Agenda 2021-12-15 (pdf): Meeting Recording
• December 8, 2021: Agenda 2021-12-08 (pdf): Meeting Recording
• December 1, 2021: Agenda 2021-12-01 (pdf): Meeting Recording
• November 24, 2021: Cancelled for holidays
• November 17, 2021: Agenda 2021-11-17 (pdf): Meeting Recording
• November 10, 2021: Agenda 2021-11-10 (pdf): Meeting Recording
• November 3, 2021: Cancelled.  See Kamakura Planning
• October 27, 2021: Cancelled
• October 20, 2021: Agenda 2021-10-20 (pdf): Meeting Recording
• October 13, 2021: Agenda 2021-10-13 (pdf): Meeting Recording
• October 6, 2021: Agenda 2021-10-06 (pdf): Meeting Recording
• September 29, 2021: Agenda 2021-09-29 (pdf): Meeting Recording
• September 22, 2021: Cancelled
• September 15, 2021: Agenda 2021-09-15 (pdf): Meeting Recording
• September 8, 2021: Agenda 2021-09-08 (pdf): Meeting Recording
• September 1, 2021: Agenda 2021-09-01 (pdf): Meeting Recording
• August 25, 2021: Agenda 2021-08-25 (pdf): Meeting Recording
• August 18, 2021: Agenda 2021-08-18 (pdf): Meeting Recording
• August 11, 2021: Cancelled
• August 4, 2021: Agenda 2021-08-04 (pdf): Meeting Recording
• July 28, 2021: Agenda 2021-07-28 (pdf): Meeting Recording
• July 21, 2021: Agenda 2021-07-14 (pdf); Meeting Recording
• July 14, 2021: Agenda 2021-07-04 (pdf); Meeting Recording
• July 7, 2021: Cancelled
• June 30, 2021: Cancelled
• June 23, 2021: Cancelled due to Jakarta virtual F2f
• June 16, 2021: Security WG Meeting 6_16_2021.docx; Meeting Recording
• June 9, 2021: Security WG Meeting 6_9_2021.docx; Meeting Recording  - includes demo of LFX Security from David Deal (LF)
• June 2, 2021: Security WG Meeting 06-02-2021; Meeting Recording
• May 26, 2021: Security WG Meeting 05-26-2021; Meeting Recording
• May 19, 2021: Security WG Meeting 05-19-2021; Meeting Recording
• May 12, 2021:  Security WG Meeting 05-12-2021; Meeting Recording
• May 5, 2021: Security WG Meeting 05-05-2021; Meeting Recording
• April 28, 2021: Security WG Meeting 04-28-2021; Meeting Recording
• April 21, 2021:  Meeting Recording
• April 14, 2021: Security WG Meeting 4-14-2021; Meeting Recording
  
• April 7, 2021: Security WG Meeting 4-7-2021; Meeting Recording
  
• March 31, 2021: Security WG Meeting 03-31-2021; Meeting Recording
  
• March 24, 2021:  Security WG Meeting 03-24-2021Meeting Recording
• March 17, 2021: Security WG Meeting 03-17-2021; Meeting Recording
  
• March 10, 2021:  Security WG Meetin 03-10-2021; Meeting Recording
• March 3, 2021: Security WG Meeting 03-03-2021; Meeting Recording
  
• February 24, 2021: Security WG Meeting 02-24-2021; Meeting Recording
• February 17, 2021:  Meeting Recording
• February 10, 2021: Security WG Meeting 2-10-2021; Meeting Recording
• February 3, 2021: Security WG Meeting 2-3-2021; Meeting Recording
• January 27, 2021:  No meeting
• January 20, 2021: Security WG Meeting 01-20-2021; Meeting Recording
• January 13, 2021: Security WG Meeting 01-13-2021; Meeting Recording
• January 6, 2021: Security WG Meeting 01-06-2021; Meeting Recording
• December 16, 2020: Security WG Meeting 16-12-2020; Meeting Recording
• December 9, 2020: Security WG Meeting 9-12-2020; Meeting Recording
• December 2, 2020:  Security WG Meeting 2-12-2020; Meeting Recording
• November 18, 2020:  Security WG Meeting 11-18-2020 Meeting Recording
• November 5, 2020: Meeting Recording (Extra meeting to develop Security tasks/priority list for Ireland)
• November 4, 2020:  Meeting Recording
• October 28, 2020:  Meeting Recording
• October 21, 2020: Security WG Meeting 10-21-2020; Meeting Recording
• September 30, 2020: Security WG Meeting 09-30-2020; Meeting Recording
• September 23, 2020: Security WG Meeting 09-23-2020; Meeting Recording
• September 9, 2020: Security WG Meeting 09-09-2020; Meeting Recording
• September 2, 2020: Security WG Meeting 09-02-2020; Meeting Recording
• August 26, 2020: Security WG Meeting 08-26-2020; Meeting Recording
• August 19, 2020:Security WG Meeting 08-19-2020; Meeting Recording
• August 12, 2020:  Security WG Meeting 08-12-2020; Meeting Recording
• August 5, 2020: Security WG Meeting 08-05-2020; Meeting Recording
• July 29, 2020: Security WG Meeting 07-29-2020; Meeting Recording
• July 22, 2020: Security WG Meeting 07-22-2020; Meeting Recording
• July 15, 2020: Security WG Meeting 07-15-2020; Meeting Recording
• July 8, 2020: Security WG Meeting 07-08-2020; Meeting Recording
• June 24, 2020: Security WG Meeting 06-24-2020; Meeting Recording
• June 17, 2020: Meeting Minutes; Meeting Recording
• June 10, 2020: Meeting Minutes; Meeting Recording (Password: 8A^&HL69)
• June 3, 2020: Meeting Minutes; Meeting Recording (Password: 1Z=CI?w^)
• May 20, 2020: Meeting Minutes; Meeting Recording (Password: 1D%7$j&2)
• May 13, 2020: Meeting Minutes; Meeting Recording (Password: 6U#=Q%?^)
• May 12, 2020: Edgex-Arm integration kick-off meeting
• April 22, 2020: Meeting Minutes; Meeting Recording (Password: 6I*?$%05)
• April 15, 2020: Meeting Minutes; Meeting Recording (Access Password: y6&2?H4h)
• April 8, 2020:Meeting Minutes; Meeting Recording
• March 25, 2020: Meeting Minutes; Meeting Recording
  • Hanoi Release (all - for latest update of Hanoi Release Planning doc, please go here)
• March 18, 2020: Meeting Minutes; Meeting Recording
• March 11, 2020: Meeting Minutes; Meeting Recording
• March 4, 2020: Meeting Minutes;  Meeting Recording
  • Security Input to EdgeX 2.0 API
• February 26, 2020: Meeting Minutes; Meeting Recording
• February 19, 2020: Meeting Minutes; Meeting Recording
• February 12, 2020: Meeting Minutes; Meeting Recording
• February 5, 2020: Meeting Minutes; Meeting Recording
  • Proposal to secure API V2 ( by Bryon Nevis) : EdgeX API 2.0 security
• January 29, 2020: Meeting Minutes; Meeting Recording
• January 22, 2020: Meeting Minutes; Meeting Recording
• January 15, 2020: Meeting Minutes; Meeting Recording
• January 8, 2020: Meeting Minutes; Meeting Recording
• December 18, 2019: Meeting Minutes; Meeting Recording
• December 11, 2019: Meeting Minutes; Meeting Recording
• December 4, 2019: Meeting Minutes;  Meeting Recording
• November 20, 2019: Meeting Minutes; Meeting Recording
• November 13, 2019: Meeting Minutes; Meeting Recording
• October 30, 2019: Meeting cancelled
• October 23, 2019: Meeting Minutes; Meeting Recording
• October 16, 2019: Meeting Minutes; Meeting Recording
• October 2, 2019: Meeting Minutes; Meeting Recording
• September 25, 2019: Meeting Minutes; Meeting Recording
• September 18, 2019: Meeting Minutes; Meeting Recording
• September 11, 2019: Meeting Minutes; Meeting Recording
• September 4, 2019: Meeting Minutes; Meeting Recording
• August 28, 2019: Meeting Minutes; Meeting Recording
• August 14, 2019: Meeting Recording
• August 7, 2019: Meeting Minutes; Meeting Recording
• July 24, 2019: Meeting Minutes; Meeting Recording
• July 17, 2019:  Meeting Minutes;SAST Slides;Meeting Recording
• July 10, 2019:  Meeting Minutes; Meeting Recording
• June 26, 2019:  Meeting Minutes Meeting Recording
• June 19, 2019:  Meeting Minutes; Meeting Recording
• June 12, 2019:  Meeting Minutes; Meeting Recording
• June 5, 2019:  Meeting Minutes; Meeting Recording
• May 29, 2019:  Meeting Minutes; Meeting Recording
• May 22, 2019: Meeting Minutes; Meeting Recording
• May 15, 2019:  Meeting Minutes; Meeting Recording
• May 8, 2019: Meeting Recording
• April 24. 2019: Meeting Recording
• April 17, 2019:  Meeting Minutes; EdgeX Process for Addressing Security Issues-v5.pdf; EdgeX Process for Addressing Security Issues-v5.docx; Protecting EdgeX Secrets-v7.pdf; Protecting EdgeX Secrets-v7.docx; Meeting Recording
• April 10, 2019:  Meeting Minutes; Protecting EdgeX Secrets-v7.pdf; Protecting EdgeX Secrets-v7.docx; Meeting Recording
  • Intel (Bryon and Jim) roadmap doc to explore;  https://docs.google.com/presentation/d/17W7MghqrZUu5sIHnS4F6GtOYkPWObJP-e9Tieh2qbRI/edit?pli=1#slide=id.p
  • Threat Model:  https://github.com/bnevis-i/security-secret-store/pull/1
  • Tingyu's design for Vault initialization program and Mongo init script:  Security Store Service for MongoDB microservice.docx
• April 3, 2019:  Meeting Minutes; Documents covered and requesting review:  Protecting EdgeX Secrets-v6.pdf  Protecting EdgeX Secrets-v6.docx  EdgeX Process for Addressing Security Issues-v4.pdf;  EdgeX Process for Addressing Security Issues-v4.docx; Meeting Recording
  • Intel's Exploration of EdgeX security (Threat Modeling and what's next) presentation:  https://docs.google.com/presentation/d/17W7MghqrZUu5sIHnS4F6GtOYkPWObJP-e9Tieh2qbRI/edit?pli=1#slide=id.g556c569946_0_6
  • Intel's Threat Model for Secret Store:  https://github.com/bnevis-i/security-secret-store/pull/1
    
• March 27, 2019:Meeting Minutes ; Meeting Recording; Documents reviewed:  Protecting EdgeX Secrets-v4.pdf  EdgeX Process for Addressing Security Issues-v3.pdf
• March 13 & 20th, 2019: Canceled
• March 6, 2019:Minutes; Meeting Recording
• February 27, 2019: Canceled
• February 20, 2019: Meeting Recording
• February 13, 2019: Canceled
• February 6, 2019: Canceled
• January 30, 2019: Meeting Recording
• January 16, 2019: Meeting Recording
• January 9, 2019: Meeting Recording
• December 12, 2018: Meeting Recording
• December 5, 2018: Slides and Meeting Recording
• November 28, 2018: Slides and Meeting Recording
• November 21, 2018: Canceled
• November 14, 2018: Slides and  Meeting Recording
• November 7, 2018: Slides and Meeting Recording
• October 31, 2018: Canceled
• October 10, 2018: Slides and Meeting Recording
• September 26, 2018: Meeting Recording
• September 19, 2018: Meeting Recording
• September 12, 2018: Meeting Recording
• September 5, 2018: Meeting Recording
• August 31, 2018: Meeting Recording (HRoT working session); Link to TPM specs and policies
• August 29, 2018: Meeting Recording
• August 22, 2018: Meeting Recording
• August 1, 2018: Meeting Recording
• July 25, 2018: Meeting Recording
• July 11, 2018: Meeting Recording
• June 27, 2018: Meeting Recording
• June 20, 2018: Meeting Recording
• June 13, 2018: Meeting Recording
• June 6, 2018: Cancelled since F2F meeting is occurring this week.
• May 30, 2018: Slides and Meeting Recording
• May 23, 2018: Slides and Meeting Recording
• May 16, 2018: Slides and Meeting Recording
• May 9, 2018: Slides and Meeting Recording
• May 2, 2018: Slides and Meeting Recording
• April 25, 2018: Cancelled
• April 18, 2018: Cancelled
• April 11, 2018: Slides and Meeting Recording
• April 04, 2018:  Slides and Meeting Recording
• March 28, 2018: Cancelled
• March 21, 2018: Slides and Meeting Recording
• March 14, 2018: Slides and Meeting Recording
  • IIC Endpoint Security Best Practices Final Mar 2018 document: http://www.iiconsortium.org/pdf/Endpoint_Security_Best_Practices_Final_Mar_2018.pdf
  • Snapshot of  Secure Proxy + Authentication Options for EdgeX
  • Snapshot of EdgeX-simple-jwt-auth--DRAFT
• March 7, 2018: Slides and Meeting Recording
• February 28, 2018: Slides and Meeting Recording
  • a draft copy of Simple Auth Service (.docx.odt format)
• February 21, 2018: Slides and Meeting Recording
• February 14, 2018: Slides and Meeting Recording
• February 7, 2018: Slides and Meeting Recording
• January 31, 2018: Meeting Recording
• January 24, 2018: Slides and Meeting Recording
• January 10, 2018: Meeting Recording
• January 3, 2018: Slides and Meeting Recording
• December 20, 2017: Meeting Recording
• December 13, 2017: Slides and Meeting Recording
• November 29, 2017: Slides and Meeting Recording
• November 15, 2017: Slides and Meeting Recording
• November 8, 2017: Meeting Recording
• November 1, 2017: Slides and Meeting Recording
• October 25, 2017: Slides and Meeting Recording
• October 11, 2017: Slides and Meeting Recording
• September 27, 2017: Slides and Meeting Recording
• September 20, 2017: Slides and Meeting Recording
• September 13, 2017: Slides and Meeting Recording
• September 6, 2017 Meeting - We reviewed the final outcome of the F2F meeting. Please click on this link to see the outcome and final slide deck: Link
• August 29 + 30: F2F Meeting - See 29 and 30 August 2017: Palo Alto, CA
• August 23: Meeting Recording
• August 16, 2017: Slides
• August 9, 2017: Slides
• July 7, 2017: Slides; Notes and Actions; Meeting Recording
• June 1-2, 2017: Slides

Documents

• Vault master key protection-DRAFT-v0.5.pdf
• Hardware-based Secure Storage Design - DRAFT
  • Ongoing work in online document @ https://docs.google.com/document/d/1MsTNdwtZp3zA-nPhCC3COakL3e5mrhJuFByy6ja5OxU/edit?ts=5c1a5e4.  Request access at this link.
• EdgeX Security Roadmap for Delhi, Edinburgh, Fuji and beyond
• Security Working Group Google Drive Folder
• Consolidated Feature Backlog Document
• FuseSecurityRequirements-Jan2017.docx