joesepi
commented
1 year ago There is work going on in the Security Collaboration Space at the OpenJS Foundation to help give guidance to JavaScript developers around security as well. Part of our plan is go take guidance and direction from the OpenSSF and tailor it to JS projects. That being said, we may want to highlight some of the resources at OpenSSF for the time being might be good.
A couple examples:
- https://best.openssf.org/Concise-Guide-for-Developing-More-Secure-Software
- https://training.linuxfoundation.org/training/developing-secure-software-lfd121/
Note: the Security Collab Space is something of a new effort and there isn't a lot in the repo. We have shifted a lot of our focus at the moment on standing up the grant we received from the Sovereign Tech Fund. See more info on that grant here: https://openjsf.org/blog/2023/05/02/openjs-foundation-receives-major-government-investment-from-sovereign-tech-fund-for-web-security-and-stability/
DavidSint
Not sure the way of working previously, but I like my teams to raise PRs at the beginning to allow for early feedback.
This WIP PR will be used for my draft of the security section, as taken on at the meeting on 2023/06/21.