Amir From OSTIF: Discuss Node.js Security Audit

[bensternthal]

{agenda to be filled out by @Amir-Montazery}, ping @mhdawson for visibility

[Amir-Montazery]

Many thanks Ben. Agenda is as follows:

1. Introductions: Introduce myself (Amir Montazery, Managing Director, OSTIF) and Open Source Technology Improvement Fund (OSTIF).
2. Context around node.js audit.
3. Context around OSTIF audit process (reference documentation: https://docs.google.com/document/d/15FUEFi6ET8cTQ1gHdijNt0LsiWgzVzApFVT8J87CJHw/)
4. Schedule, timing and what to expect.
5. Questions, Comments, and Concerns.
6. Next Steps.

[mhdawson]

I've added to the TSC agenda, can you confirm you can make the next meeting which is on the 18th of Oct at 9 AM ET in which case we'll get you the password needed to join between now and then. The issue for the meeting with the agenda will be created in the https://github.com/nodejs/TSC repo on Monday

[Amir-Montazery]

Confirmed. I will be available 18th of Oct at 9 AM ET.

[mcollina]

We are looking for a volunteer to be the point of contact for the security audit.

[RafaelGSS]

I can help on that.

[RafaelGSS]

@Amir-Montazery can you ping me in the OpenJS Slack so I can ask a couple of questions and check if I'll have the bandwidth to do that?

[mhdawson]

Removing from agenda since presentation was last week.

[RafaelGSS]

Folks, I had an initial chat with @Amir-Montazery and I've suggested he start participating in our security team meetings (a.k.a security-wg) to get more context of our current/past initiatives, what didn't work, what we haven't tried yet and so on.

@Amir-Montazery informed me that one of their security researchers will be introduced to our conversations about an audit. Any news we'll update this issue.

[mhdawson]

@Amir-Montazery wondering what the next step on this is. If an audit is not planned in the next little while maybe this issue can be closed and re-opended when its in the plans?

[RafaelGSS]

See: nodejs/security-wg#1159 @mhdawson

[mhdawson]

@RafaelGSS thanks, for the link. I'm not sure we need this issue as well in the TSC repo.