The Security Working Group manages all aspects and processes linked to the Express Project's security. It is responsible for managing incoming security reports and for preparing patches or releases. Because this task is sensitive, only the Security Triage Team, Repo Captains and TC members will be involved in it.
We are currently defining the initiatives for 2024; feel free to participate.

| Initiative | Champion | Status | Links |
|---|---|---|---|
| OSSF Scorecard | @inigomarquinez | In progress | #2 |
| Threat Model | TBC | In progress | #3 |
| Support OSTIF Audit | @UlisesGascon | In progress | #6 |

The Security Working Group is composed of two groups of members: the Security Triage Team and the regular members. The regular members are responsible for the public-facing activity of the group, while the Security Triage Team is responsible for the security triage process.
The Security Working Group meets every two weeks. Meetings are held on Zoom and are recorded or directly streamed to YouTube. The meetings are open to the public. The agenda and meeting notes are published in this repository. The calendar entries are available in the OpenJS Foundation calendar.
The Security Working Group uses GitHub issues for offline discussions. The discussions are open to the public and anyone can participate. The group also uses the #express-security-wg channel in the OpenJS Foundation Slack for real-time discussions.
The Express Project's CoC applies to this repo.