-
## This would solve...
The security wg has been looking at auditing build dependencies for Node.js. https://github.com/nodejs/security-wg/issues/1236
One area we thought that we could improv…
-
Running the local scanner on the testcase at https://github.com/Nix-Security-WG/nix-security-tracker/tree/c35f957fc02b101ee06eb5096d7f05cd87e539d73be45b19d4b97520173c48defa4c6747156d6dcf, it reports […
-
As discussed in the last meeting #857, I'm creating this issue to discuss and follow the evolution of this new Security-WG initiative for 2023.
The main idea is to assess how the Node.js project i…
-
Hi Security Tooling WG folks! When you get a chance, can you please add Protobom to your main page? I am sharing the project with an internal team, and am trying to also share how it is aligned to an …
-
The OpenJS Foundation (OpenJSF) (and previously Node.js Foundation) has indicated plans of creating a new security program for the Node.js ecosystem, scoped more narrowly to the OpenJSF projects.
T…
-
The [Security and privacy considerations](https://w3c.github.io/vibration/#security-and-privacy-considerations) section states:
> For these reasons, the user agent MAY inform the user when the API …
-
Hey all - I have added WDAC integration to Node on Windows in [PR 54364](https://github.com/nodejs/node/pull/54364).
I just want to make sure that I'm pulling the right people into the conversatio…
-
There has been an extended conversation on the Last Call list, with some followup on the WG's mailing list, about STARTTLS, with comments including: insistence that STARTTLS be treated as part of SMTP…
-
# Background
To raise the visibility of the EEF, I would like to add a `README` to the Organisation GitHub page.
Example: https://github.com/ossf
It should contain:
* Logo (best would be wi…
-
Per discussion with the security wg at the 11/23/2023 wg meeting, an issue has been created to kick off and help track the fuzzing security initiative scheduled for December 2023. A general descripti…