# Ecosystem Security Working Group

## Table of Contents
- Vulnerability Management
- Processes for Security WG Members
- Node.js Bug Bounty Program
- Charter
- Code of Conduct
- Moderation Policy
- Current Project Team Members
- Emeritus Members
## Charter
The Ecosystem Security Working Group works to improve the security of the Node.js Ecosystem.
Responsibilities include:
- Work with the Node Security Platform to bring community vulnerability data into the foundation as a shared asset.
- Ensure the vulnerability data is updated in an efficient and timely manner. For example, ensuring there are well-documented processes for reporting vulnerabilities in community modules.
- Maintain and make available data on disclosed security vulnerabilities in:
  - the core Node.js project
  - other projects maintained by the Node.js Foundation technical group
  - the external Node.js open source ecosystem
- Promote the improvement of security practices within the Node.js ecosystem.
- Facilitate and promote the expansion of a healthy security service and product provider ecosystem.
This Working Group is not responsible for managing or responding to security reports against Node.js itself. That responsibility remains with the Node.js TSC.
## Node.js Bug Bounty Program

The program is managed through the HackerOne platform; further details are available at https://hackerone.com/nodejs.
## Current Initiatives

We are currently defining the initiatives for 2023; feel free to participate.

| Initiative | Champion | Status | Links |
|---|---|---|---|
| Permission Model - 2 Phase | @RafaelGSS | In Progress | Issue #898 |
| Automate update dependencies | @marco-ippolito | Done | Issue #828 |
| Assessment against best practices | @fraxken/@ulisesGascon | In Progress | Issue #859 |
| Automate Security release process | @RafaelGSS | Planning | Issue #860 |
## Current Project Team Members
- ashishkurmi - Ashish Kurmi
- ChALkeR - Сковорода Никита Андреевич
- cjihrig - Colin Ihrig
- dgonzalez - David Gonzalez
- deian - Deian Stefan
- esarafianou - Eva Sarafianou
- fraxken - Thomas Gentilhomme
- grnd - Danny Grander
- karenyavine - Karen Yavine Shemesh
- lirantal - Liran Tal
- MarcinHoppe - Marcin Hoppe
- marco-ippolito - Marco Ippolito
- mcollina - Matteo Collina
- mdawson - Michael Dawson
- mgalexander - Michael Alexander
- pxlpnk - Andreas Tiefenthaler
- RafaelGSS - Rafael Gonzaga
- ronperris - Ron Perris
- SomeoneWeird - Adam Brady
- ulisesGascon - Ulises Gascon
- vdeturckheim - Vladimir de Turckheim
## Emeritus Members

- aeleuterio - André Eleuterio
- bengl - Bryan English
- brycebaril - Bryce Baril
- DanielRuf - Daniel Ruf
- digitalinfinity - Hitesh Kanwathirtha
- drifkin - Devon Rifkin
- dougwilson - Doug Wilson
- elexy - Alex Knol
- evilpacket - Adam Baldwin
- gergelyke - Gergely Nemeth
- gibfahn - Gibson Fahnestock
- jasnell - James M Snell
- jbergstroem - Johan Bergström
- joshgav - Josh Gavant
- ofrobots - Ali Ijaz Sheikh
- roccomuso - Rocco Musolino
- shigeki - Shigeki Ohtsu
- sam-github - Sam Roberts
## Code of Conduct
The Node.js Code of Conduct applies to this WG.
## Moderation Policy
The Node.js Moderation Policy applies to this WG.