docs: meeting notes for 2024-10-24

meetings/2024-10-24.md

@@ -0,0 +1,50 @@
+# Node.js  Security team Meeting 2024-10-24
+
+## Links
+
+* **Recording**:  
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1396
+* **Minutes Google Doc**: https://docs.google.com/document/d/1IzdqODrouMHFXZiEpTkW74QBNyA123d1vFgEafnv4aw/edit?tab=t.0
+
+## Present
+
+* Michael Dawson (@mhdawson)
+* Marco Ippolito (@marco-ippolito)
+* Ulises Gascón (@UlisesGascon)
+
+
+## Agenda
+
+## Announcements
+
+* Ulises - is-my-node-vulnerable, work to move over to Node.js org -  https://github.com/RafaelGSS/is-my-node-vulnerable
+
+*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
+
+- [x] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+  * No new issues
+- [x] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/issues?q=is%3Aissue+OpenSSF+Scorecard+Report+Updated%21+
+  * It will happen after the meeting
+
+* Audit build process for dependencies [1037](https://github.com/nodejs/security-wg/issues/1037)
+  * Michael made a great progress (using already containers)
+  * Expected to start open PRs soon
+* Abort when vulnerable flag [852](https://github.com/nodejs/security-wg/issues/852)
+  * Probably this will be moved to a separate repo (TBC)
+*  Automate security release process [860](https://github.com/nodejs/security-wg/issues/860)
+  * no updates this week
+* Skipped working on the threat model this week as we only had 2 people
+
+## Q&A, Other
+
+* security guidelines being developed in OpenJS collaboration space https://github.com/openjs-foundation/security-collab-space/issues/211
+  * Would be good to apply to the Node.js project and see how it works/does not and provide
+     Feedback.
+
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
+