Skip to content

Commit

Permalink
doc: add 10-10-2024 meeting notes (#1394)
Browse files Browse the repository at this point in the history
  • Loading branch information
RafaelGSS authored Oct 10, 2024
1 parent 6c3f2c4 commit e170d68
Showing 1 changed file with 65 additions and 0 deletions.
65 changes: 65 additions & 0 deletions meetings/2024-10-10.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
# Node.js Security team Meeting 2024-10-10

## Links

* **Recording**: https://www.youtube.com/watch?v=pRbiKOqoCRs
* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1389
* **Minutes Google Doc**: https://docs.google.com/document/d/12oXkIdsOxSfv1Q5K4rkWTh-lkzr9LxwcZERCIvWYHOg/edit?tab=t.0

## Present

* Security wg team: @nodejs/security-wg
* Rafael Gonzaga: @RafaelGSS
* Michael Dawson: @mhdawson
* UlisesGascón: @UlisesGascon
* Marco Ippolito: @marco-ippolito
* Richard Lau: @richadlau

## Agenda

## Announcements

*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.

- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
- Nothing has changed since last week
- OpenSSL update coming in next regular releases

- [X] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+
- No action required from our side: https://github.com/nodejs/security-wg/pull/1393
- Requested a feature to add threshold to the issues notification: https://github.com/ossf/scorecard-monitor/issues/88



### nodejs/node

* src: add WDAC integration (Windows) [#54364](https://github.com/nodejs/node/pull/54364)
* Microsoft team working on updating the PR

### nodejs/security-wg

* Audit build process for dependencies #1037
* Michael: made progress on building common container, and using in the deps that build
WASM

* Automate security release process #860
* Nothing has changed since last meeting

* Abort when vulnerable flag #852
* a bit complex to solve properly since it requires a remote call back to the vulnerability
database.
* Michael, would be good to PR into - https://github.com/nodejs/nodejs-ambassadors as
message to be amplified

* Node.js maintainers: Threat Model #1333
* We have created the Threats section
* Good progress so far

## Q&A, Other

## Upcoming Meetings

* **Node.js Project Calendar**: <https://nodejs.org/calendar>

Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.

0 comments on commit e170d68

Please sign in to comment.