Meeting notes for 2024-11-21 #1406

Merged
merged 1 commit into from
Nov 25, 2024
45 changes: 45 additions & 0 deletions meetings/2024-11-21.md
@@ -0,0 +1,45 @@
# Node.js Security team Meeting 2024-11-21

## Links

* **Recording**: https://www.youtube.com/watch?v=lo_bzAYU7Bs
* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1400

## Present

* Michael Dawson (@mhdawson)
* Ulises Gascon (@ulisesGascon)
* Marco Ippolito (@marco-ippolito)
* Richard Lau (@richardlau)


## Announcements

_N/A_

## Agenda

- [x] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
* Nothing new this time
- [x] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+
* https://github.com/nodejs/security-wg/pull/1405
* Nothing to discuss this week.
- Add a warning on EOL versions [security-wg-agenda](https://github.com/nodejs/security-wg/issues/1401)
* general agreement from those in the meeting that a single CVE on EOL is a good idea
* Ulises will get some feedback form those in the OpenJS Security Collaboration space
* we should probably also share as a proposal with the TSC
- Node.js maintainers: Threat Model [1333](https://github.com/nodejs/security-wg/issues/1333)
* We were working in the modeling (mostly CI related vectors)
* We map some new potential threats like comms channels (added in a new section in the document)
* Working document: https://hackmd.io/@M_jNX2MrSVuhJwhDnKOLHg/Hk-E22bLA/edit

## Q&A, Other

_N/A_

## Upcoming Meetings

* **Node.js Project Calendar**: <https://nodejs.org/calendar>

Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
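
Review bot: Typo in the "Add a warning on EOL versions" item: "feedback form those" should read "feedback from those". In the same Agenda list, the last two entries ("Add a warning on EOL versions" and "Node.js maintainers: Threat Model") omit the `- [x]` checkbox the first two carry, so it is unclear whether they were covered or left open; mark them consistently. The bullet "a single CVE on EOL is a good idea" would also benefit from a few more words saying what the CVE is issued against, since the linked issue is the only place a reader can find out.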
