nodejs / security-wg

Node.js Ecosystem Security Working Group
MIT License

Initiatives 2024 votes #1313

Closed RafaelGSS closed 1 month ago

RafaelGSS commented 2 months ago

Refs: #1255

Please, @nodejs/security-wg, vote using the manual commit (it doesn't work with git node vote).

RafaelGSS commented 2 months ago

@mhdawson I made a small fix to your votes

RafaelGSS commented 2 months ago

All members have voted. Here's the official ranking:

Initiative Ranking:
1. Automate Security release process
2. Node.js maintainers: Threat Model
3. Including SBOM with Node.js
4. Audit build process for dependencies
5. Defining scopes of the Security team
6. Permission Model - Symlink & Sandbox investigation
7. Defense in Depths policy
8. Improve CII Best Practices and reach silver badge

Let's discuss it in the next security meeting.

kibertoad commented 2 months ago

"SBOMBS"?

RafaelGSS commented 1 month ago

Selected Initiatives for 2024:

Please note we have skipped item 3 (SBOM) as we don't have a volunteer for that. If you are interested in moving forward with this initiative, join us.