Closed by RafaelGSS 1 month ago
@mhdawson I made a small fix to your votes
All members have voted. Here's the official ranking:
Initiative Ranking:
1. Automate Security release process
2. Node.js maintainers: Threat Model
3. Including SBOM with Node.js
4. Audit build process for dependencies
5. Defining scopes of the Security team
6. Permission Model - Symlink & Sandbox investigation
7. Defense in Depths policy
8. Improve CII Best Practices and reach silver badge
Let's discuss it in the next security meeting.
"SBOMBS"?
Selected Initiatives for 2024:
Please note we have skipped item 3 (SBOM) as we don't have a volunteer for that. If you are interested in moving forward with this initiative, join us.
Refs: #1255
Please, @nodejs/security-wg vote using the manual commit (it doesn't work with `git node vote`).