security-wg's Introduction

Security Working Group

Charter

The Security Working Group manages all aspects and processes linked to the Express Project's security. It is responsible for managing incoming security reports and for preparing patches or releases. The nature of this task is sensitive, so only the Security triage team, Repo Captains and TC members will be involved in it.

Responsibilities

  • Define the Security triage role
  • Define and maintain security policies and procedures for the project and the packages in scope (see this spreadsheet for scope details)
  • Provide guidance to the ecosystem on how to build more secure middleware
  • Review and recommend processes for handling of security reports
  • Promote improvement of security practices within the Express project's ecosystem (for example: OSSF Scorecard, threat model, etc.)
  • Recommend security improvements for the project and the packages in scope
  • Support the TC team on security triage as needed
  • Support initiatives from the OpenJS Foundation Security Collab Space.
  • Support initiatives from the OpenSSF Best Practices for Open Source Developers Working Group.

Current Initiatives

We are currently defining the initiatives for 2024; feel free to participate.

| Initiative | Champion | Status | Links |
| --- | --- | --- | --- |
| OSSF Scorecard | @inigomarquinez | In progress | #2 |
| Threat Model | TBC | In progress | #3 |
| Support OSTIF Audit | @UlisesGascon | In progress | #6 |

Members

The Security Working Group is composed of two groups of members: the Security Triage Team and the Regular members. The regular members are responsible for the public facing activity of the group, while the Security Triage Team is responsible for the security triage process.

Security Triage Team

Team Members

Meetings

The Security Working Group meets every two weeks. Meetings are held on Zoom and are recorded or directly streamed to YouTube. The meeting is open to the public. The agenda and meeting notes are published in this repository. The calendar entries are available in the OpenJS Foundation calendar.

Offline Discussions

The Security Working Group uses GitHub issues for offline discussions. The discussions are open to the public and anyone can participate. The group also uses the #express-security-wg channel in the OpenJS Foundation Slack for real-time discussions.

Code of Conduct

The Express Project's CoC applies to this repo.
