Ecosystem Security Working Group

Table of Contents

• Vulnerability Management
  • Vulnerability Database
  • Recognition for Security Researchers
• Processes for Security WG Members
  • Security Team Membership Policy
  • On-boarding Team Members
  • Off-boarding Team Members
• Node.js Bug Bounty Program
• Charter
• Code of Conduct
• Moderation Policy
• Current Project Team Members
• Emeritus Members

Charter

The Ecosystem Security Working Group works to improve the security of the Node.js Ecosystem.

Responsibilities include:

• Work with the Node Security Platform to bring community vulnerability data into the foundation as a shared asset.
• Ensure the vulnerability data is updated in an efficient and timely manner. For example, ensuring there are well-documented processes for reporting vulnerabilities in community modules.
• Maintain and make available data on disclosed security vulnerabilities in:
  • the core Node.js project
  • other projects maintained by the Node.js Foundation technical group
  • the external Node.js open source ecosystem
• Promote the improvement of security practices within the Node.js ecosystem.
• Facilitate and promote the expansion of a healthy security service and product provider ecosystem.

This Working Group is not responsible for managing or responding to security reports against Node.js itself. That responsibility remains with the Node.js TSC.

Node.js Bug Bounty Program

The program is managed through the HackerOne platform at https://hackerone.com/nodejs with further details.

Current Initiatives

We are currently defining the Initiatives for 2023, feel free to participate.

Current Project Team Members

• ChALkeR - Сковорода Никита Андреевич
• cjihrig - Colin Ihrig
• DanielRuf - Daniel Ruf
• dgonzalez - David Gonzalez
• deian - Deian Stefan
• esarafianou - Eva Sarafianou
• fraxken - Thomas Gentilhomme
• grnd - Danny Grander
• karenyavine Karen Yavine Shemesh
• lirantal - Liran Tal
• MarcinHoppe - Marcin Hoppe
• mcollina - Matteo Collina
• mdawson - Michael Dawson
• mgalexander - Michael Alexander
• pxlpnk - Andreas Tiefenthaler
• RafaelGSS - Rafael Gonzaga
• ronperris - Ron Perris
• SomeoneWeird - Adam Brady
• ulisesGascon - Ulises Gascon
• vdeturckheim - Vladimir de Turckheim

Emeritus Members

• aeleuterio André Eleuterio
• bengl - Bryan English
• brycebaril - Bryce Baril
• digitalinfinity - Hitesh Kanwathirtha
• drifkin - Devon Rifkin
• dougwilson - Doug Wilson
• elexy - Alex Knol
• evilpacket - Adam Baldwin
• gergelyke - Gergely Nemeth
• gibfahn - Gibson Fahnestock
• jasnell - James M Snell
• jbergstroem - Johan Bergström
• joshgav - Josh Gavant
• ofrobots - Ali Ijaz Sheikh
• roccomuso - Rocco Musolino
• shigeki - Shigeki Ohtsu
• sam-github - Sam Roberts

Code of Conduct

The Node.js Code of Conduct applies to this WG.

Moderation Policy

The Node.js Moderation Policy applies to this WG.