The Salt Project Creates a New Security Working Group

May 19, 2021 - slangadmin

We are excited to announce the creation of a new Security Working Group.

The Salt Project has a number of existing working groups, made up of members of the Salt community, who collaborate with the Salt Core Team to identify and work on specific projects within their area of focus. We think that the Security Working Group will be a great addition to this and will allow members of the community to lead projects that advance the state of security within the Salt Project as a whole.

What will this group do?

The members of the group will decide exactly what projects and goals they want to work towards and document those in the group’s charter. There is a proposed charter which gives some idea of what the purposes and objectives could look like. It focuses on work that will:

– Ensure that a user installing Salt gets a system that minimizes security risks but doesn’t impact their ability to use the full power of Salt.

– Help users to configure Salt to meet their needs without exposing themselves to security issues, through changes to Salt, updates to existing documentation, and creation of new content.

We also recognize that recently discovered vulnerabilities and the associated CVE releases have been issues of concern for the community. The Security Working Group will work with the Core Team and Release Working Group to develop a Security Release process and communication plan to help address the issues raised by the community and documented in the recent retrospective

Through a combination of pro-active work that should help mitigate the impact of future vulnerabilities and improvements in the handling of Security Releases, we hope to see the group make a positive impact for the project and the wider community.

Getting involved with the group

The group will meet on the 2nd Monday of the month at 9 am MDT/3 pm UTC, via Zoom, with the first meeting on Monday 10th May 2021.

We’re looking for people who want to actively contribute to the group’s work and will need members who between them have a diverse range of skills and experience, including:

* Writing and updating documentation
* Creating guides to securing or hardening software
* Developing release and communication plans
* Packaging
* Secure systems design
* Writing code
* Reviewing code
* Auditing code
* Operating System security and tooling

If this sounds interesting and you would like to get involved, please come along to a meeting or contact