Commit 4c60f4c

doc: add meeting notes (#1371)
1 parent 4426a6e commit 4c60f4c

1 file changed

+50
-0
lines changed

meetings/2024-08-29.md

+50
@@ -0,0 +1,50 @@
1+
# Node.js Security team Meeting 2024-08-29
2+
3+
## Links
4+
5+
* **Recording**: https://www.youtube.com/watch?v=w4zzH-otKNI
6+
* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1365
7+
8+
## Present
9+
10+
* Michael Dawson (@mhdawson)
11+
* Robert W - Microsoft
12+
* Lee Holmes - Microsoft
13+
* Rafael Gonzaga (@RafaelGSS)
14+
15+
## Agenda
16+
17+
## Announcements
18+
19+
*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
20+
21+
- [x] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
22+
* Some questions about 3 V8 CVEs, confirmed that they are not vulns in the context of the Node.js security model - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues/191
23+
- [x] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+
24+
25+
### nodejs/node
26+
27+
* src: add WDAC integration (Windows) #54364
28+
* Robert W summarised this feature and what it intends to protect.
29+
* Rafael asked if this is turned on by default
30+
* Robert W explained this is turned on via system configuration, so for Windows users that don’t make use of catalogue policy, it won’t be enabled by default.
31+
* Some discussions about security expectations, running this on untrusted code
32+
* The documentation will be aligned with Node.js threat model. This feature won’t prevent malicous code from bypassing it. This will serve as an extra layer of security for Node.js applications.
33+
* More discussion on implementation on Node.js
34+
35+
### nodejs/security-wg
36+
37+
* Node.js maintainers: Threat Model [#1333](https://github.com/nodejs/security-wg/issues/1333)
38+
* Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037)
39+
* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860)
40+
41+
42+
43+
## Q&A, Other
44+
45+
## Upcoming Meetings
46+
47+
* **Node.js Project Calendar**: <https://nodejs.org/calendar>
48+
49+
Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
50+
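
Review bot: line 32 misspells "malicious" as "malicous", in the one sentence that states the security limit of the WDAC integration, so it is worth fixing before merge. Line 19 opens emphasis with `*Extracted from` but never closes it; add the closing `*` after "prior to the meeting." so it does not render as a stray asterisk or list item. The `## Agenda` heading at line 15 has no content before `## Announcements` at line 17; either drop one of the two headings or nest the announcements under the agenda. The WDAC entry at line 27 references #54364 as bare text, while the security-wg items at lines 37-39 use full Markdown links; linking it the same way would let readers reach the pull request from the notes.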
