Giter Club home page Giter Club logo

pkg-vuln-collab-space's Introduction

Package Vulnerability Management & Reporting Collaboration Space

Mission Statement

Today maintainers deal with a significant influx of issues, PRs (re. updating dependencies) & broader comms when a new CVE is reported on a popular library in our ecosystem. Many of these are being considered "false positives" from an impact/vulnerability perspective. This level of noise creates distrust in the relationships between security companies/researchers, maintainers, & the collective end-users/consumers.

By creating a neutral forum to discuss & ideate across this ecosystem's stakeholders, we hope to improve CVE reporting & resolution workflows; Minimizing burden on maintainers & noise for consumers.

Examples of desired or successful outcomes from this discourse/space:

  • Improved delineation of domains & controls
  • Improved communication between maintainers & security researchers/organizations
  • Improved tooling for package auditing, resolution & management as a whole
    • ex. package maintainers have a mechanism to flag/counterclaim vulnerability reports of dependencies that do not affect their own usage/workflows
    • ex. end-users have a mechanism to more granularly control the visibility of the vulnerability reports of their dependencies (including filtering on flags/counterclaims)

Collaboration Space Members

In-Flight Intiatives

  • Submit & get accepted a proposal for dedicated Collaboration Space
  • Creation of a dedicated repository within the openjs-foundation GitHub Organization
  • Creation of a channel within the Foundation's Slack Organization
  • Determine a time for recurring meetings w/ members
  • Setup meeting generation tools to align with existing Foundation best practices
  • Setup Foundation's Zoom & YouTube accounts for streaming

Links & Resources

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.