Threat Model #799
Comments
|
Thanks for putting that together! |
|
As a possible reference, this is how |
|
Renaming it as Threat Model as defined in #801 |
|
@facutuesca that's some nice work by |
|
Hi folks! In the last Security WG #822 we've decided to create a separate meeting (next week) to discuss just the Threat Model. The idea is to finish the draft in this meeting and then open a PR for feedback. I suggest the same time as usual (2 pm UTC) - Monday. For those who want to join, please comment on your preferred email to send the invite. cc: @facutuesca @mhdawson |
|
I'm on Monday and booked that time the rest of the days, but I could decline what I had accepted for that time on Friday. |
|
@RafaelGSS Is that Monday the 22nd? I'm interested. I could also do Friday the 26th, which I think is the day @mhdawson is suggesting. I currently have other commitments most Thursdays. This comment proposed meeting every 15 days, which would result in the meeting rotating across days-of-the-week, but it looks like meetings have been being scheduled on Thursdays. |
|
Let's do it Friday. Invite link |
|
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
This issue is just to keep tracking the work we've been doing in the Security WG. We've created a Threat Model document.
The intention of this document is to list all the current threats and their mitigation for each environment using Node.js. It may change over releases.
This document was created aiming to provide context on what will/will not be considered a vulnerability in Node.js, targeting Security Researchers.
Normally, the discussion around this document happens in the OpenJS Foundation slack (#nodejs-discussion-security-model). Feel free to contribute.
The text was updated successfully, but these errors were encountered: