Security-wg: Request for panel at @Node Atlanta

Created on 9 Apr 2019 · 5 comments · Source: nodejs/security-wg

Request for panel at @Node Atlanta, see https://github.com/nodejs/community-committee/issues/468

All 5 comments

I would really like to talk about "What makes a vulnerability" and Security Best Practices:

  • What constitutes a vulnerability, and scoring it right - we've had many discussions around this and this had been quite a bit of a topic for us as well with various issues. This is a place where we can also encourage library authors to explicitly specify security notices on unsafe APIs, or how to approach unsafe APIs, etc.
  • Guidelines for maintainers - I've been working on this quite a bit recently and I think we can help improve the ecosystem through some guidelines and tips that we can talk about. Some quick examples that come to mind are 2FA, but also how 2FA works in CI, how to mitigate against someone stealing your npm creds, etc. I'm sure we can get more of these tips that would be immediately helpful and potentially many devs are probably unaware.

I would love to do the above and think it has great value.

I was also thinking about a "security for young organization" panel; the idea would be to have a couple of people handling small/young companies (young CTOs) and maybe one more experienced person with the same profile, together with security people, in order to have a discussion about what makes sense as security measures in these situations.

Both of these topics are great ideas for the panel, would be helpful to also look at who could be on the panel.

@zackarychapple could you provide more information about the conf in terms of attendees, their background, and whether this is multi- or single-track? It would perhaps be useful to look into presentation options as well.

@lirantal would be happy to hop on a call to discuss, sorry I missed this notification on GitHub, went to check up and saw this message.
