This repository hosts the governance, processes, and artifacts of the HDF5 Safety, Security, and Privacy (SSP) Special Interest Group (SIG).
The SSP SIG exists to:
- Improve the safety, security, and privacy posture of the HDF5 library, file format, and ecosystem.
- Coordinate community expertise around threat modeling, audits, incident readiness, and secure operational practices.
- Provide practical guidance, checklists, and tooling for users and implementers across the ecosystem.
We welcome participation from:
- Contributors and maintainers of HDF5 and related projects (HSDS, tools, bindings, etc.).
- Organizations that deploy HDF5 in production (research, HPC, industry, cloud).
- Security, privacy, and reliability practitioners with relevant expertise.
- Propose work via a Proposal issue (use the "SSP Proposal" template).
- Join SSP SIG meetings and help review proposals and decisions.
- Help author and review guidance, checklists, and reference configs.
- Participate in audits and tabletop exercises.
See:
- CHARTER.md — the remit and operating model of the SIG.
- GOVERNANCE.md — roles, decision-making, and lifecycle.
- CONTRIBUTING.md — how to get involved.
- SECURITY.md — coordinated vulnerability disclosure.
SSP SIG meetings are typically held on a regular cadence (e.g., bi-weekly), with an agenda and minutes recorded using the "SSP SIG Meeting Minutes" issue template.
Links to recurring meeting invites, video calls, and notes can be added here once established.
Textual content in this repository is provided under the Creative Commons Attribution 4.0 (CC BY 4.0) license unless otherwise noted.