This repository hosts the governance, processes, and artifacts of the HDF5 Safety, Security, and Privacy (SSP) Special Interest Group (SIG).
The SSP SIG exists to:
- Improve the safety, security, and privacy posture of the HDF5 library, file format, and ecosystem.
- Coordinate community expertise around threat modeling, audits, incident readiness, and secure operational practices.
- Provide practical guidance, checklists, and tooling for users and implementers across the ecosystem.
We welcome participation from:
- Contributors and maintainers of HDF5 and related projects (HSDS, tools, bindings, etc.).
- Organizations that deploy HDF5 in production (research, HPC, industry, cloud).
- Security, privacy, and reliability practitioners with relevant expertise.
- Propose work via a Proposal issue (use the "SSP Proposal" template).
- Join SSP SIG meetings and help review proposals and decisions.
- Help author and review guidance, checklists, and reference configs.
- Participate in audits and tabletop exercises.
See:
- CHARTER.md — the remit and operating model of the SIG.
- GOVERNANCE.md — roles, decision-making, and lifecycle.
- CONTRIBUTING.md — how to get involved.
- SECURITY.md — coordinated vulnerability disclosure.
- POLICIES — policies governing the HDF5 library, file format, and extensions
SSP SIG meetings are typically held on a regular cadence (e.g., bi-weekly), with an agenda and minutes recorded using the "SSP SIG Meeting Minutes" issue template.
Links to recurring meeting invites, video calls, and notes can be added here once established.
Textual content in this repository is provided under the Creative Commons Attribution 4.0 (CC BY 4.0) license unless otherwise noted.
This material is based upon work supported by the National Science Foundation under Federal Award No. 2534078. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.