
security-wg's Introduction

Security Working Group

Note: this group is in the process of seeking a charter from the TSC (nodejs/TSC#175).

Mandate

The Security Working Group's purpose is to achieve the highest level of security for Node.js and community modules.

Its responsibilities are:

  • Define and maintain security policies and procedures for:
    • the core Node.js project
    • other projects maintained by the Node.js Foundation technical group
  • Work with the Node Security Project to bring community vulnerability data into the foundation as a shared asset.
  • Set up processes and procedures and follow these to ensure the vulnerability data is updated in an efficient and timely manner. For example, ensuring there are well-documented processes for reporting vulnerabilities in community modules.
  • Work to set a high standard for the Node.js project. Possible efforts could include penetration testing, security reviews, review guidelines, coding standards, etc.
  • Review and recommend processes for handling of security reports (but not the actual handling of security reports, which are reviewed by a group of people directly delegated to by the TSC).
  • Define and maintain policies and procedures for the coordination of security concerns within the external Node.js open source ecosystem.
  • Offer help to npm package maintainers to fix high-impact security bugs.
  • Maintain and make available data on disclosed security vulnerabilities in:
    • the core Node.js project
    • other projects maintained by the Node.js Foundation technical group
    • the external Node.js open source ecosystem
  • Promote improvement of security practices within the Node.js ecosystem.
  • Recommend security improvements for the core Node.js project.
  • Facilitate and promote the expansion of a healthy security service and product provider ecosystem.

Private Node.js core security group

The Node.js Security Working Group is not responsible for managing incoming security reports to the [email protected] address, nor is it privy to or responsible for preparing embargoed security patches and releases.

The Node.js TSC maintains primary responsibility for the management of private security activities for Node.js core but relies on the Node.js Security Working Group to recommend and help maintain policies and procedures for that management.

Current Project Team Members
