Request for Safety, Security and Privacy Risks Board Creation

Dear Home Assistant community,
Based on former discussions on this topic (Call for Collaboration: Home Assistant Safety, Security & Privacy) and the fact that there is not even an existing tag for “safety”, I want to ask for support to create a risk board, where everyone who is part of this community can point others to critical risks with regards to safety, security and privacy issues.
The idea behind this is to create a traceable standard form for each of these and similar topics that is understandable at one glance and that can be easily classified by a risk board team, to get awareness about an issue's criticality, to prioritize, track, address and highlight it, to promote it for spending effort or searching for bounties, and to find specialists to close, review and approve them.

To be a little more concrete: using Home Assistant one can switch e.g. high-power consumers, heating systems, valves and many more, which can cause massive, even catastrophic personal hazards to us; they can even prevent power outages from being recovered, or open weak private systems for hackers to misuse. On the other side, issues were found that support private users in creating highly critical safety systems that create a high fire hazard and can risk injuries not only for themselves but for many others who live with them.

Please help us to create a prominent solution with the least possible hurdles for everyone to point each other to their findings, independent of their experience and with the least possible effort.

Suggested strategy:

  1. Search for and harmonize a solution, ideally by reuse, to record risks in a standard form.
  2. Harmonize and create the standard form to quickly understand the criticality and the impact of the risk.
  3. Develop a formal process to trace the progress and timeline to solve issues.
  4. Find willing members for the risk board team to classify and suggest mitigations or solutions.

Thank you all in advance for your suggestions and your support!


This is the best place for your discussion/request: home-assistant · Discussions · GitHub

Hi Tom, thanks for your suggestion! I found maybe a good place for a “Risk Board” and suggest this be created on the same level as Homeassistant → “Projects”, respectively to reuse the identical structure beneath it, as this may be sufficient.
If possible, I’d suggest adding the topics Safety, Security, Privacy, Reliability, Robustness… beneath it, creating sub projects for each, and managing dedicated requirements and retroactive effects between each of them. Do you think this is supportable from your side?

Dear HA web owners, it’s clear that I have no rights to create a new “Risk Board” vault under “/orgs/home-assistant/projects” nor here at GitHub… (no need to explain why!). So if, on your side of responsibilities for this web presentation, this could be taken as seriously as it probably should, I would kindly ask you to jump into this discussion, or ask you to include a new “Risk Board” management vault at a really prominent level. Based on a very long experience with safety development, the effort to inject any risk findings with regards to “safety”, “security”, “privacy” etc. should be the least possible, and moderators in person should try not to judge serious findings, to keep writers involved for testing and let them find serious understanding, reviewing and approval of risk mitigations. Also, users should have very low effort to find and fill out a standard form for risks, and the bar for access grants should be very low, so that everyone who has a very new account and maybe found something serious is accepted.

Otherwise even critical safety risks do not get into focus, or only too late, as is the case when using HA plugs for switching highly safety-critical power consumers at >=100W.

As a suggestion to be discussed: “/r/risk_board” would be a very honest place for presenting your community's commitment to take these topics and issues very seriously in the future, to harden Home Assistant.
A less good place would be at GitHub, “github.com/orgs/home-assistant/risk_board/”, with the unpleasant tradeoff that users may also need a GitHub account, which is implausible (in my mind) for normal users without the intent or skills to participate in the development process?
Is it plausible for you to get involved here to support us, with priority for safety, security and privacy improvements? Thanks for your answers and BR