docs: meeting notes for 2024-11-21 (#1406)

nodejs · Nov 25, 2024 · 2497544 · 2497544
1 parent e1d50b1
commit 2497544
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/meetings/2024-11-21.md b/meetings/2024-11-21.md
@@ -0,0 +1,45 @@
+# Node.js  Security team Meeting 2024-11-21
+
+## Links
+
+* **Recording**:  https://www.youtube.com/watch?v=lo_bzAYU7Bs
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1400
+
+## Present
+
+* Michael Dawson (@mhdawson)
+* Ulises Gascon (@ulisesGascon)
+* Marco Ippolito (@marco-ippolito)
+* Richard Lau (@richardlau)
+
+
+## Announcements
+
+_N/A_
+
+## Agenda
+
+- [x] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+  * Nothing new this time
+- [x] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+
+  * https://github.com/nodejs/security-wg/pull/1405 
+  * Nothing to discuss this week.
+- Add a warning on EOL versions [security-wg-agenda](https://github.com/nodejs/security-wg/issues/1401)
+  * general agreement from those in the meeting that a single CVE on EOL is a good idea
+  * Ulises will get some feedback form those in the OpenJS Security Collaboration space
+  * we should probably also share as a proposal with the TSC
+- Node.js maintainers: Threat Model [1333](https://github.com/nodejs/security-wg/issues/1333)
+  * We were working in the modeling (mostly CI related vectors)
+  * We map some new potential threats like comms channels (added in a new section in the document)
+  * Working document: https://hackmd.io/@M_jNX2MrSVuhJwhDnKOLHg/Hk-E22bLA/edit 
+
+## Q&A, Other
+
+_N/A_
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
+