doc: include meeting note 2022-09-15 (#834)

meetings/2022-09-15.md

@@ -0,0 +1,53 @@
+# Node.js  Security WorkGroup Meeting 2022-09-15
+
+## Links
+
+* **Recording**:  https://www.youtube.com/watch?v=HbkigptaIkw
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/833
+
+## Present
+
+* Security wg team: @nodejs/security-wg
+* Rafael Gonzaga: @rafaelgss
+* Ulises Gascon: @ulisesgascon
+* Thomas GENTILHOMME: @fraxken
+* Facundo Tuesca: @facutuesca
+* Michael Dawson: @mhdawson
+
+## Agenda
+
+## Announcements
+
+*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
+
+### nodejs/security-wg
+
+* Best Practices Document [#819](https://github.com/nodejs/security-wg/issues/819)
+  * Deep dive on the Malicious Third-Party Modules (CWE-1357) threat
+  * A few TODO’s were created in the Best Practices document
+
+* Automatic check for dependencies' vulnerabilities in Node.js CI [#802](https://github.com/nodejs/security-wg/issues/802)
+  * No updates
+  * Discussions around how to maintain the blacklist/backport
+    * Suggestion to hold the blacklist by GH Issues
+    * Suggestion to hold the blacklist on the nodejs-vuln-assessement repo
+  * Next steps:
+    1) Mechanism to specific blacklist as a file/parameter
+    2) Evaluate to move the script to the nodejs-vuln repo
+    3) Improve the output of the script
+    4) Ask triage team if they are willing to take over triage/managed of issues in the vuln repo
+
+* Threat Model [#799](https://github.com/nodejs/security-wg/issues/799)
+
+* Permission Model [#791](https://github.com/nodejs/security-wg/issues/791)
+
+* feature request for `require.pure(id)` or `pkg.pure:true` [#467](https://github.com/nodejs/security-wg/issues/467)
+
+## Q&A, Other
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
+