-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Node.js Security team Meeting 2023-11-09 #1146
Comments
Maybe we will have to skip this meeting since we will be all travelling from NodeConf |
FYI @Amir-Montazery, it is likely this meeting will be cancelled due to most of us attending NodeConfEU. |
Ok, thank you Rafael! Regardless of whether this meeting gets cancelled or not, I'll have some more info for the group in the coming days. |
I'll be ready for the 11/23 meeting. I will provide more information as soon as possible, I am waiting on an update and should have it this week. |
Here's what we have in mind for the node.js security work for December. It will require minimal input and time commitment from existing developers. I will have more info at the 11/23 meeting. See below: There are currently two projects integrated into OSS-Fuzz which are targeting code of nodejs:
The llhttp project is doing well and has been for a long time: https://introspector.oss-fuzz.com/project-profile?project=llhttp The Nodejs has been broken for a long time and the fuzzer of it is not running. It makes sense to make sure the Nodejs project gets back to running and also update the fuzzer accordingly as well as extend the setup. The fuzzer for the Nodejs project in OSS-Fuzz is the fuzzer in the Node codebase here: https://github.com/nodejs/node/tree/main/test/fuzzers. Note that it was David Korczynski who did the initial work for getting Node into OSS-Fuzz, so he's familiar with the existing work from that perspective. Another improvement that has happened in OSS-Fuzz the last year has been improved support for javascript fuzzing. As such, we will be looking at applying this on the Nodejs codebase as well. |
Time
UTC Thu 09-Nov-2023 15:00 (03:00 PM):
Or in your local time:
Links
Agenda
Extracted from security-wg-agenda labelled issues and pull requests from the nodejs org prior to the meeting.
nodejs/security-wg
Invited
Observers/Guests
Notes
The agenda comes from issues labelled with
security-wg-agenda
across all of the repositories in the nodejs org. Please label any additional issues that should be on the agenda before the meeting starts.Joining the meeting
https://zoom.us/j/92309450775
The text was updated successfully, but these errors were encountered: